Validating SSL certificate

Question

I am doing some certificate validations, 
1. I need to validate the client is presenting a certificate, I realize I can require it in the clientssl profile, but I have no log entry if I get a failed request. So I would like to do this in the irule that does the other validations based on the subject_dn, 
2. I am having trouble finding information on some sample rule commands, 
  what is:   [SSL::cert 0] &nbsp;
  also is SSL::cert count - what is that counting? 
3. Do I want to evaluate this at CLIENTSSL_HANDSHAKE or CLIENTSSL_CLIENTCERT&nbsp;
Also this is not HTTP traffic. &nbsp;

only1masterbla1 · Answer

Example shown here shows all your queries:
https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx
https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx&nbsp;
SSL::cert 0 will return first cert 
SSL::cert count will count no. of certs present including chain 
SSL::handshake - Halts or resumes SSL activity&nbsp;
use CLIENTSSL_CLIENTCERT event&nbsp;

Forum Discussion

Validating SSL certificate

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Requirement for BIG-IQ VM Deployment in AWS

Can't change sync type or failover after tenant upgrade.

Cannot ping external interface

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 asm/awaf

Related Content

Updating SSL Certificates on BIG-IP using REST API

Automating Certificate Management on F5 BIG-IP

Implementing SSL Orchestrator - Validation & Troubleshooting

Implementing SSL Orchestrator - Certificate Considerations

SSL Certificate Report

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS