subject alternative name

Question

Hello 
&nbsp;  
&nbsp; i try to get subject alternative name from ssl certificate with this syntax but i see empty value in log file. 
&nbsp;  
&nbsp; how can i get subject alternative name from ssl certificate? 
&nbsp;  
&nbsp; when CLIENTSSL_CLIENTCERT {  
&nbsp; set cert [SSL::cert 0]  
&nbsp; session add ssl [SSL::sessionid] $cert 600  
&nbsp; set sn [X509::serial_number $cert]  
&nbsp; set issuer [X509::issuer $cert]  
&nbsp; set subject [X509::subject $cert]  
&nbsp; set not_valid_after [X509::not_valid_after $cert] 
&nbsp; set not_valid_before [X509::not_valid_before $cert] 
&nbsp; set san [substr [findstr [findstr [X509::extensions $cert] "X509v3 Subject Alternative Name:" 33 "
"] "email:" 6 ,] 0 @] 
&nbsp; }  
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; regards 
&nbsp; zafer 
&nbsp;

hoolio · Answer

Hi Zafer, 
&nbsp;  
&nbsp; If you log the value for [X509::extensions $cert] do you see the SAN there?  If so, can you post an anonymized copy of the output? 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Aaron

aeisiminger_192 · Answer

Just in case anyone else runs into this like I did here is the correct code to pull Subject Alternative Name. 
&nbsp;  
&nbsp;         SUBJECT ATERNATIVE NAME 
&nbsp;         set santemp [findstr [X509::extensions $c_cert] "Subject Alternative Name" 32 ","] 
&nbsp;         set san [findstr $santemp "email" 6]

Forum Discussion

subject alternative name

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

Illegal Metacharacter in Parameter Name in Json Data

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

X509 Subject Formatting

F5 RHI Solution an alternative to GSLB load balancing between Datacenters

HTTP throttle alternative

Alternative Solution To Sideband Connection

8.3 Alternate Names With ARX

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS