Forum Discussion

Nimbostratus

Feb 15, 2019

SNI & Subject.DN Question

I have a use case where I filter traffic based on the SNI value gained by a binary scan in CLIENT_DATA but in some cases SNI value is null. I'm wanting to look at the servers subject.dn when this hap...

Cirrocumulus

Feb 18, 2019

Why not signal the need to check subject.dn based on the absence of your SNI info?

Pseudocode:

when CLIENT_DATA {
    set check_subject_dn 0
    if { [SNI existence check goes here]}
        [extract SNI and do whatever]
    } else {
        set check_subject_dn 1
    }
}
when SERVERSSL_SERVERCERT {
    if { ([SSL::cert count] != 0) && $check_subject_dn }{
        set cert [SSL::cert 0]
        set subject_dn [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
        log "gn_proxy: Server Certificate Received: $subject_dn [IP::server_addr]"
}
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SNI & Subject.DN Question

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

SNI Routing with BIG-IP

How to Troubleshoot SNI

Question on configuring SNI clientSSL Profile

Serverside SNI injection iRule

SNI Routing with DNS Lookup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS