For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rab_101866's avatar
Rab_101866
Icon for Nimbostratus rankNimbostratus
May 20, 2010

Server ssl profile Authenticate Name

Hi,

 

I was wondering if it is possible to modify the Authenticate Name for an SSL server profile in an i rule depending on the pool selected?

 

 

when SERVER_CONNECTED {

 

if { [LB::server pool] contains "HCI3" } {

 

SSL::profile PROFILE_SERVERSSL

 

set Authenticate Name

 

}

 

else {

 

SSL::profile PROFILE_SERVERSSL

 

set Authenticate Name

 

}

 

}
application delivery
dev
devops
iRules

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 24, 2010
    Hi Rab,

     

     

    I don't think you can set the properties for the server SSL profile. But I wonder if you could check the server name in an iRule using the SERVERSSL_HANDSHAKE event with SSL::cert to get the server's SSL cert and X509::subject to check the cert's subject:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/SERVERSSL_HANDSHAKE

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__cert

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/X509__subject

     

     

    If you try this, could you post back with the results?

     

     

    Thanks, Aaron
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    May 24, 2010
    Yeah, you wouldn't be able to modify the profile via the iRule. Creating custom logic to perform the checks you want might work, though. What is it you're trying to accomplish as a whole?

     

     

    Colin