Forum Discussion

Nimbostratus

May 24, 2018

Is SSL::cert populated when using APM "On-Demand Cert Auth"?

Hi! I have configured client cert authentication using APM and its On-Demand Cert Auth action. I would like to retrieve the client certificate in an iRule event (HTTP_REQUEST) using SSL::cert comma...

BIG-IP Access Policy Manager (APM)

Nimbostratus

Aug 09, 2021

For anyone else that comes along this thread, I was unable to access the certificate through `SSL::cert` when the SSL profile was set to ignore the client certificate... We wanted to delay the cert request so we used the On-Demand action in an APM policy.

In our case, I was able to successfully retrieve the certificate from the APM variables, such as the following:

set cert_pem [ACCESS::session data get "session.ssl.cert.whole"]

To get the thumbprint, I had to convert the PEM to DER, then B64 encode/decode, and then I was able to use the code from the OP above.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Is SSL::cert populated when using APM "On-Demand Cert Auth"?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

SSL-Cert

SSL Cert expiration Tracker

LTM HA Pair SSL Certs

iRule to accept client then SSL cert validation

extract LTM VS ssl profile binding cert and key information to generate a json with python f5-sdk

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS