Forum Discussion
Nimbostratusirule compatible for v11.2.1
Hi All ,
I am having an irule which is in BIG-IP 11.4.1 Build 637.0. Currently I need to apply this rule in BIG-IP 11.2.1 Build 797.0 Final
Please help me with the correct syntax which will work in v11
Below is the irule:when RULE_INIT { set ::org "O=Akamai"
log "Hello there ..."}
when CLIENTSSL_CLIENTCERT {
Check if client provided a cert if {[SSL::cert 0] eq ""}{ log "No SSL Certificate sent, rejecting..." Reset the connection reject
} else {
set subject_dn [X509::subject [SSL::cert 0]]
log "Client Certificate Received: $subject_dn"
Check if the client certificate contains the correct CN from the list
if { ([class match $subject_dn contains cbr_cn_stage]) } {
Accept the client cert
log "Client Certificate Accepted: $subject_dn"
} else {
log "No Matching Client Certificate Was Found Using: $subject_dn"
reject
}
} }
======================================================================================
Getting below error while applying the same in BIG-IP 11.2.1 Build 797.0 Final:
01070151:3: Rule [/Common/iRule_CBR_CN_PROD_Validation] error: Unable to find value_list (cbr_cn_stage) referenced at line 19: [class match $subject_dn contains cbr_cn_stage]
==========================================================================================
thanks
3 Replies
- nitass
Employee
01070151:3: Rule [/Common/iRule_CBR_CN_PROD_Validation] error: Unable to find value_list (cbr_cn_stage) referenced at line 19: [class match $subject_dn contains cbr_cn_stage]
have you created cbr_cn_stage data group in 11.2.1?
Kiran_145850Nope. Please guide me on how to create the same ?
thanks
- Kiran_145850
thank you , I got the setps
