subject alternative name

Question

Hello 
&nbsp;  
&nbsp; i try to get subject alternative name from ssl certificate with this syntax but i see empty value in log file. 
&nbsp;  
&nbsp; how can i get subject alternative name from ssl certificate? 
&nbsp;  
&nbsp; when CLIENTSSL_CLIENTCERT {  
&nbsp; set cert [SSL::cert 0]  
&nbsp; session add ssl [SSL::sessionid] $cert 600  
&nbsp; set sn [X509::serial_number $cert]  
&nbsp; set issuer [X509::issuer $cert]  
&nbsp; set subject [X509::subject $cert]  
&nbsp; set not_valid_after [X509::not_valid_after $cert] 
&nbsp; set not_valid_before [X509::not_valid_before $cert] 
&nbsp; set san [substr [findstr [findstr [X509::extensions $cert] "X509v3 Subject Alternative Name:" 33 "
"] "email:" 6 ,] 0 @] 
&nbsp; }  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; regards 
&nbsp; zafer 
&nbsp;

hoolio · Answer

Hi Zafer, 
&nbsp;  
&nbsp; If you log the value for [X509::extensions $cert] do you see the SAN there?  If so, can you post an anonymized copy of the output? 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Aaron

aeisiminger_192 · Answer

Just in case anyone else runs into this like I did here is the correct code to pull Subject Alternative Name. 
&nbsp;  
&nbsp;         SUBJECT ATERNATIVE NAME 
&nbsp;         set santemp [findstr [X509::extensions $c_cert] "Subject Alternative Name" 32 ","] 
&nbsp;         set san [findstr $santemp "email" 6]

Forum Discussion

subject alternative name

Recent Discussions

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

Related Content

X509 Subject Formatting

F5 RHI Solution an alternative to GSLB load balancing between Datacenters

HTTP throttle alternative

Alternative Solution To Sideband Connection

8.3 Alternate Names With ARX

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS