IRULE to search Certificate Subject and Set Username.

Question

Good Afternoon,
I'm trying to get an IRULE to use the Client SSL profile Request handshake to filter the cert and subject.  IRULE was crafted-reused from a few other DevCentral Post.
Here's where I'm at:
Error 4: error: ["unexpected end of arguments;expected argument spec:CERTIFICATE"][X509::subject]
when CLIENTSSL_CLIENTCERT {
  if {([SSL::cert 0] eq "") or (![X509::subject] contains "irene")} {

Reset the connection
    reject

} else {  
      set subject_all [X509::subject [SSL::cert 0]]
      log "Subject: $subject_all"
      binary scan [md5 $subject_all] H* user_hash
      log "$user_hash"
   }
}
What am I missing?
Cheers!

eey0re · Answer

X509::subject needs to be passed the certificate from which to extract the subject, and is missing from your first line.
Try:
if {([SSL::cert 0] eq "") or (![X509::subject [SSL::cert 0]] contains "irene")} {

Forum Discussion

IRULE to search Certificate Subject and Set Username.

Recent Discussions

BIG-IP Edge Endpoint Inspection Failure pre-VPN

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

X509 Subject Formatting

Automating ACMEv2 Certificate Management on BIG-IP

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS