Forum Discussion
Validating SSL certificate
I am doing some certificate validations, 1. I need to validate the client is presenting a certificate, I realize I can require it in the clientssl profile, but I have no log entry if I get a failed request. So I would like to do this in the irule that does the other validations based on the subject_dn, 2. I am having trouble finding information on some sample rule commands, what is: [SSL::cert 0]
also is SSL::cert count - what is that counting? 3. Do I want to evaluate this at CLIENTSSL_HANDSHAKE or CLIENTSSL_CLIENTCERT
Also this is not HTTP traffic.
Example shown here shows all your queries: https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx
SSL::cert 0 will return first cert SSL::cert count will count no. of certs present including chain SSL::handshake - Halts or resumes SSL activity
use CLIENTSSL_CLIENTCERT event
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com