Forum Discussion
newbie_89507
Nimbostratus
Sep 11, 2009
Irule for SSL client authentication
I'm new in this forum and new in the F5 world. Recently bought an F5 running version 9.4.7.
I have a virtual server with a valid SSL certificate. I need to write an iRule so that when client...
newbie_89507
Nimbostratus
Sep 11, 2009
in this irule would be enough
class my_thumbprint_list {
"Thumbprint= 9e 0f 40 e2 43 1c"
}
3. Add this iRule:
when RULE_INIT {
    set ::org "O=my Organisation"
}
when CLIENTSSL_CLIENTCERT {
    # Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith
    set subject_dn [X509::subject [SSL::cert 0]]
    log "Client Certificate Received: $subject_dn"
    # Check if the client certificate contains the correct O and a CN from the list
    if { ([matchclass $subject_dn contains $::my_thumbprint_list]) and ($subject_dn contains $::org) } {
        # Accept the client cert
        log "Client Certificate Accepted: $subject_dn"
    } else {
        log "No Matching Client Certificate Was Found Using: $subject_dn"
        reject
    }
}
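An added example, not part of the original post and written in Python rather than iRule Tcl: a thumbprint is a digest of the certificate bytes and does not appear in the subject DN, so a pinning check has to hash the presented certificate and compare that digest to the list. It assumes the thumbprint is the SHA-1 of the DER encoding; `SAMPLE_DER`, the list entry and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-in for a DER-encoded client certificate. A thumbprint is a
# digest over the raw certificate bytes, so any byte string shows the mechanics.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-certificate-bytes"
SAMPLE_SUBJECT = "/C=AU/ST=NSW/L=Syd/O=my Organisation/OU=Your OU/CN=John Smith"


def cert_thumbprint(der_bytes):
    """SHA-1 over the DER encoding (assumed meaning of 'Thumbprint' here)."""
    return hashlib.sha1(der_bytes).hexdigest()


def normalize_thumbprint(entry):
    """Reduce 'Thumbprint= 9e 0f ...' (spaces, colons, any case) to bare hex."""
    value = entry.split("=", 1)[-1]
    # Also drop U+200E, an invisible mark that copy-paste can carry along.
    value = re.sub(r"[\s:\u200e]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", value):
        raise ValueError("not a 20-byte SHA-1 thumbprint: %r" % entry)
    return value


def as_list_entry(der_bytes):
    """Format a digest in the spaced style used by the list entry in the post."""
    digest = cert_thumbprint(der_bytes)
    return "Thumbprint= " + " ".join(digest[i:i + 2] for i in range(0, 40, 2))


def dn_matches_list(subject_dn, allowlist):
    """Mirror of a 'contains' test of the subject DN against the list entries."""
    return any(entry in subject_dn for entry in allowlist)


def client_allowed(der_bytes, subject_dn, allowlist, org):
    """Accept only a pinned certificate whose subject has the exact O= part."""
    presented = cert_thumbprint(der_bytes)
    pinned = any(hmac.compare_digest(presented, normalize_thumbprint(e))
                 for e in allowlist)
    # Whole-component match: a substring test also accepts "O=my Organisation Ltd".
    org_ok = org in subject_dn.strip("/").split("/")
    return pinned and org_ok


ALLOWLIST = [as_list_entry(SAMPLE_DER)]  # constructed entry

if __name__ == "__main__":
    print(dn_matches_list(SAMPLE_SUBJECT, ALLOWLIST))
    print(client_allowed(SAMPLE_DER, SAMPLE_SUBJECT, ALLOWLIST, "O=my Organisation"))
```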