Forum Discussion

Nimbostratus

Feb 05, 2015

SSL Client Irule Verification

We are having an issue I thinkg with this IRULE. It checks to see if client cert serial number matches and if it does it will allow traffic to pass. We know the serial numbers match however it logs t...

Cirrus

Feb 05, 2015

Forgive me if this is out of line, but have you thought about just using the client authentication part of the client ssl profile? You can set it to require a client cert which will satisfy you reject statement. Then set the certificate you are using(or its issuer) as the "Trusted Certificate Authorities".

With that said, in theory your iRule looks like it should work. You may try to make sure what you are comparing is the same case by using this:

set subject_sn [string tolower [X509::serial_number [SSL::cert 0]]]

And you could try putting "<u+200e>35:f3:82:5a:5f:29:c3:ee" in brackets, <u+200e>{35:f3:82:5a:5f:29:c3:ee} to rule out special evaluation of the ":".

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL Client Irule Verification

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

iRule to hide URI from client side

Using iRule to prompt for Client SSL Cert

SSL client verification required

VIP Client Logging "Not RFC1918"

iRULE regsub error

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS