Forum Discussion

Nimbostratus

May 28, 2018

Verifying CN received (client auth)

Hi guys, I'm trying to verify client auth certificate and using this iRule, but from the logs I can see it's always Accepted even though my trusted_certs only has 1 CN; i.e: my trusted_certs is...

application delivery

iRules

Simon_Blakely

Employee

May 28, 2018

I think what is happening is:

The way you created your datagroup has created a datagroup element with a name of "CN" and a value of "3456.xxxx.yyyy.zzz".

Your extraction from the certificate is CN=1234.xxxx.yyyy.zzz

So the contains match is for "CN", and will always match. You can create your datagroup without the CN= element at all, or specify the -value specifier to match on the values.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)