Forum Discussion

Nimbostratus

May 25, 2016

problem with SSL authentication

HI i´m having problem with a public key certificate in my client SSLprofile. do i need to import the root CA in the client profile for it to work? if i do that does everybody who has that root CA be ...

Nimbostratus

May 25, 2016

You can follow this article :

https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx

In my case, i'm checking the certificate serial :

    when RULE_INIT {
        set static::debug 1
}

when CLIENTSSL_CLIENTCERT {
  set cert [SSL::cert 0]
  set sn [X509::serial_number $cert]
  set subject [X509::subject $cert]
  set issuer [X509::issuer $cert]
  set version [X509::version $cert]
}

when HTTP_REQUEST {


      if { ([matchclass $sn contains CLIENT_CERTS])} {
         Accept the client cert
         log local0. "Client Certificate Accepted: $sn"
      } else {
         log local0. "No Matching Client Certificate Was Found Using: $sn"
         reject
      }
   }

Depending of what you want to check we can adjust the client certificate field to verify

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)