For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mishpan_70054's avatar
mishpan_70054
Icon for Nimbostratus rankNimbostratus
Dec 03, 2012

logging Subject Server Certificate -in case Server side profile

Hi All     I have virtual configure with clientssl & serverssl profile enable. I like to know how I can log the subject details of the server certificate use by real server when lb communicat...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Dec 03, 2012

SSL::cert is not valid on server-side.

 

 

SSL::cert

 

Returns the X509 SSL certificate at the specified index in the peer certificate chain, where index is a value greater than or equal to zero. A value of zero denotes the first certificate in the chain, a value of one denotes the next, and so on. This command is currently applicable only under a client-side context and returns an error within a server-side context.

SSL::cert

 

https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx

 

 

so, i understand you have to collect tcp payload and parse certificate subnet by yourself. it could be something similar to what Colin and Joel have done in article below.

 

 

Multiple Certs, One VIP: TLS Server Name Indication via iRules by Colin

 

https://devcentral.f5.com/tutorials/tech-tips/multiple-certs-one-vip-tls-server-name-indication-via-irules