Forum Discussion

Nimbostratus

Jul 26, 2018

iRule to validate that the client certificate is allowed via CN

Hi All, I am trying to write an iRule to check the client certificate and if the cert does not contain the two CN entries below client certificate authentication is rejected and logged. Is my synt...

LTM

security

rob_carr

Cirrostratus

Jul 26, 2018

when CLIENTSSL_CLIENTCERT {
  if {[SSL::cert count] > 0} {
    set cert [SSL::cert 0]
    set subject [string tolower [X509::subject $cert]]
    if { not ($subject contains "cn=integration-prod_sfdc-client") } {
      reject
      log local0. "cert CN not valid"
    }
  }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule to validate that the client certificate is allowed via CN

Recent Discussions

APM with EntraID as idP / request signed

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

Related Content

POC: Validate JWT with iRule

ASM ser input type email doesn't allow valid emails

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS