Server ssl profile Authenticate Name

Question

Hi,
&nbsp;I was wondering if it is possible to modify the Authenticate Name for an SSL server profile in an i rule depending on the pool selected?&nbsp;
&nbsp;when SERVER_CONNECTED { 
&nbsp;       if { [LB::server pool] contains "HCI3" } {
&nbsp;           SSL::profile PROFILE_SERVERSSL 
&nbsp;           set Authenticate Name 
&nbsp;      }
&nbsp;      else {
&nbsp;           SSL::profile PROFILE_SERVERSSL 
&nbsp;           set Authenticate Name 
&nbsp;      }
&nbsp;}

hoolio · Answer

Hi Rab, 
&nbsp;  
&nbsp; I don't think you can set the properties for the server SSL profile.  But I wonder if you could check the server name in an iRule using the SERVERSSL_HANDSHAKE event with SSL::cert to get the server's SSL cert and X509::subject to check the cert's subject: 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/SERVERSSL_HANDSHAKE 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__cert 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/X509__subject 
&nbsp;  
&nbsp; If you try this, could you post back with the results? 
&nbsp;  
&nbsp; Thanks, Aaron

colin_walker_12 · Answer

Yeah, you wouldn't be able to modify the profile via the iRule. Creating custom logic to perform the checks you want might work, though. What is it you're trying to accomplish as a whole? 
&nbsp;  
&nbsp; Colin

Forum Discussion

Server ssl profile Authenticate Name

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

SSL Profiles Part 9: Server Authentication

SSL Profiles Part 8: Client Authentication

Server Profile SNI

Understanding the Authenticate Name Option on Server SSL profile on BIG-IP

Simple HTTP Authentication server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS