Server Certificate CN Verification with iRule

Question

Hi,&nbsp;
I wonder whether there is a way to verify server certificate CN with iRule. I know it is possible for client authentication, but can it be done for server side as well? Thank you for any suggestions.&nbsp;

kevin_stewart · Answer

BIG-IP 13.1 introduces a new SERVERSSL_SERVERCERT event that can be used exactly like the CLIENTSSL_CLIENTCERT event.&nbsp;

youssef1 · Answer

Hi,
As you know when you do client auth on client side, it's client that provide certificate during handshake ssl.
but in server side it will be F5 so you confirm that you want to retrieve CN in cert provide by f5? to the backend. it make sens?
just for info if you want to retrieve cn (subject) from client cert:
when HTTP_REQUEST {
  if {[SSL::cert count] &gt; 0}{
    set cert [SSL::cert 0]
    set subject [string tolower [X509::subject $cert]]
  }
}

regards

Forum Discussion

Server Certificate CN Verification with iRule

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Configure NGINX microgateway for MTLS termination and client certificate hash verification

SSL Bridging verification

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

F5 Certified Administrator NGINX certification now available!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS