Forum Discussion
MTLS - How to authenticate a specific certificate
- May 29, 2025
This is expected behaviour. You are selecting a Trusted CA, not a cert, especially if you have uploaded the cert including the full certificate path. If so, first try uploading only the cert, without the intermediate and root, and use it.
If it still does not work, you could either use a self-signed certificate or, as you thought, use an iRule to extract and match a specific value after the mTLS.
E.g. something like this:

    when HTTP_REQUEST {
        # Leaf certificate presented by the client during the mTLS handshake
        set cert [SSL::cert 0]
        set subject [X509::subject $cert]
        # "contains" is a substring match on the whole subject string
        if { $subject contains "CN=XXXXXXXXXXXXX" } {
            log local0. "Client certificate CN matched: $subject"
        } else {
            log local0. "Client certificate CN mismatch: $subject"
            reject
        }
    }
Or be even more granular
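Added example, not part of the original reply: one way to pin a single client certificate is to compare its SHA-256 fingerprint instead of a subject substring, so another certificate from the same trusted CA with a similar CN is not accepted. The variable `static::pinned_fp` and its value are placeholders, and the rule assumes `SSL::cert 0` returns the DER-encoded leaf certificate, so the digest equals the standard certificate fingerprint.

```tcl
when RULE_INIT {
    # Placeholder: lower-case hex SHA-256 fingerprint of the one allowed
    # client certificate, e.g. taken from
    #   openssl x509 -in client.crt -noout -fingerprint -sha256
    # with the colons removed and the letters lower-cased.
    set static::pinned_fp "<sha256-fingerprint-hex-placeholder>"
}

when HTTP_REQUEST {
    # No certificate in the SSL session: nothing to compare, so refuse.
    if { [SSL::cert count] < 1 } {
        log local0. "No client certificate presented"
        reject
        return
    }

    set cert [SSL::cert 0]

    # sha256 returns the raw digest; convert it to lower-case hex.
    binary scan [sha256 $cert] H* fp

    # Exact string comparison against the pinned value.
    if { $fp eq $static::pinned_fp } {
        log local0. "Client certificate fingerprint matched: [X509::subject $cert]"
    } else {
        log local0. "Client certificate fingerprint mismatch: $fp subject=[X509::subject $cert]"
        reject
    }
}
```

The pinned value has to be updated whenever the client certificate is renewed, since a reissued certificate has a different fingerprint even when the subject is unchanged.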