Forum Discussion
Francis_Pascual
Nimbostratus
Nov 18, 2013
Selective Client Certificate Validation
Can you please give me a sample of an iRule that validates a particular client certificate (client certificate set to require). Trusted CA certificate is Verisign, specific client cert has this commo...
Kevin_Stewart
Employee
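Nov 18, 2013
Without more specifics, here's how you'd extract some of the X509 certificate data within an iRule:
when CLIENTSSL_CLIENTCERT {
    # Only inspect the certificate if the client actually sent one
    if { [SSL::cert count] > 0 } {
        # X509::subject returns the full subject string, which includes the common name
        set commonname [X509::subject [SSL::cert 0]]
        set serial [X509::serial_number [SSL::cert 0]]
    }
}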
Again, not very specific, but you can see how to get the common name/subject and cert serial. From there you can perform whatever evaluations you need.
I also don't believe you can get at the thumbprint within the scope of X509 commands. It is possible through some binary parsing, but waiting to see if you absolutely need that.
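One way to turn the extracted values into an allow decision, added here as an example and not part of the original reply: it checks the verification result, parses the CN out of the subject string for an exact comparison rather than a substring match, and also pins the serial number, because a public CA issues certificates to many other parties. The values in `allowed_cn` and `allowed_serial` are constructed placeholders, and the parsing assumes a comma-separated subject string with no commas inside attribute values.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Constructed placeholders (assumptions): replace with the real certificate's
    # CN and with its serial exactly as X509::serial_number reports it.
    set allowed_cn "client.example.com"
    set allowed_serial "<serial-of-the-allowed-cert>"

    # No certificate presented: refuse the connection.
    if { [SSL::cert count] == 0 } {
        reject
        return
    }

    # Chain verification against the trusted CA must have succeeded (0 = OK).
    if { [SSL::verify_result] != 0 } {
        log local0. "Client cert verify failed: [X509::verify_cert_error_string [SSL::verify_result]]"
        reject
        return
    }

    set cert [SSL::cert 0]
    set serial [X509::serial_number $cert]

    # X509::subject returns the whole subject string, so isolate the CN attribute.
    # A substring test would also match look-alike names such as
    # "client.example.com.attacker.test" or the same text inside another attribute.
    set cn ""
    foreach rdn [split [X509::subject $cert] ","] {
        set rdn [string trim $rdn]
        if { [string match -nocase "CN=*" $rdn] } {
            set cn [string trim [string range $rdn 3 end]]
        }
    }

    # Both the exact CN and the pinned serial must match.
    if { ![string equal -nocase $cn $allowed_cn] ||
         ![string equal -nocase $serial $allowed_serial] } {
        log local0. "Rejected client cert: CN='$cn' serial='$serial'"
        reject
    }
}
```

Pinning the serial means the rule must be updated whenever the client certificate is renewed or reissued.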