Forum Discussion
problem with SSL authentication
Hi, I'm having a problem with a public key certificate in my client SSL profile. Do I need to import the root CA in the client profile for it to work? If I do that, will everybody who has that root CA be able to communicate with me?
I only want the company whose public key I have to be able to access us.
regards
sebastian
3 Replies
- Janek_42109
Nimbostratus
Hello Sebastian,
On your Client SSL Profile you can use the Intermediate CA, if there is one, to reduce the field. Then filter your company's client certificate with an iRule based on common information in those.
- sebbenw_230133
Nimbostratus
Do you have any examples of what such an iRule should look like?
- Janek_42109
Nimbostratus
You can follow this article:
https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx
In my case, I'm checking the certificate serial:

```tcl
when RULE_INIT {
    set static::debug 1
}
when CLIENTSSL_CLIENTCERT {
    # Capture fields of the certificate the client presented
    set cert [SSL::cert 0]
    set sn [X509::serial_number $cert]
    set subject [X509::subject $cert]
    set issuer [X509::issuer $cert]
    set version [X509::version $cert]
}
when HTTP_REQUEST {
    # CLIENT_CERTS is the data group of permitted serial numbers
    if { ([matchclass $sn contains CLIENT_CERTS]) } {
        # Accept the client cert
        log local0. "Client Certificate Accepted: $sn"
    } else {
        log local0. "No Matching Client Certificate Was Found Using: $sn"
        reject
    }
}
```

Depending on what you want to check, we can adjust the client certificate field to verify.
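A variant of the serial check discussed in this thread, as an added example that is not part of the original posts or the linked article: it decides during the handshake, requires that chain validation succeeded, and matches issuer plus serial exactly rather than by substring. The data group name `allowed_client_certs` and its `issuer|serial` entry format are assumptions; copy the exact strings from the log line the rule writes.

```tcl
# Added example. Assumed: a string data group named "allowed_client_certs"
# whose entries are "<issuer DN>|<serial>" exactly as logged below.
when CLIENTSSL_CLIENTCERT {
    # No certificate presented: nothing to compare against the allow list
    if { [SSL::cert count] == 0 } {
        log local0. "Client [IP::client_addr] presented no certificate"
        reject
        return
    }

    # The chain must validate against the CA bundle set on the Client SSL profile
    set result [SSL::verify_result]
    if { $result != 0 } {
        log local0. "Client [IP::client_addr] certificate failed validation: [X509::verify_cert_error_string $result]"
        reject
        return
    }

    # A serial number is only unique per issuer, so pin the pair
    set cert [SSL::cert 0]
    set key "[X509::issuer $cert]|[X509::serial_number $cert]"

    # Exact match: a substring comparison would let a short entry match other serials
    if { [class match $key equals allowed_client_certs] } {
        log local0. "Client certificate accepted: $key"
    } else {
        log local0. "Client certificate not in allow list: $key"
        reject
    }
}
```

A renewed certificate carries a new serial number, so the data group entry has to be updated when the partner company rotates its certificate.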