Forum Discussion

Thiyagu's avatar
Thiyagu
Icon for Cirrus rankCirrus
Oct 12, 2023

Need of an Irule help to extract the SN# from the client side certificate

Hello All, we are working to to extract the device SerialNumber from the certificate send it as "X-Common-Name" header to the servers. Could you please help if you would have worked on the similar...
application delivery
Thiyagu's avatar
Thiyagu
Icon for Cirrus rankCirrus
Oct 12, 2023

Hi Mohamed, Thank you so much for your help. We are authneticating via mutual TLS and SN# of cert needs to extracted and pass it along in the HTTP header as X-Common-Name.

 

Thanks,Thiyagu.

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Oct 12, 2023

    ohh , 
    so you need to extract this tls extension and insert it as a header to server side ? 

    you need to insert SNI as header " X-common-name " 

    Let me check for proper irule , I did before somthing like that , but it was another tls extension 

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Oct 12, 2023

    Hi Thiyagu , 

    you can use something like this : 

     

    when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0 ] } then {
        set tls_sni_extension [SSL::extensions -type 0 ]
    } else {
        set tls_sni_extension ""
    }
}
when HTTP_REQUEST {
    if { $tls_sni_extension ne "" } then {
        log local0. " The X-common-name <---> $tls_sni_extension"
        HTTP::header insert X-common-name "$tls_sni_extension"
    }
}

     


    I am not sure for type 0 as it depends  , so could you please capture single request to see the sni extension ?