Forum Discussion

Nimbostratus

May 29, 2018

Verifying CN received (client auth)

Hi guys, I'm trying to verify client auth certificate and using this iRule, but from the logs I can see it's always Accepted even though my trusted_certs only has 1 CN; i.e: my trusted_certs is...

application delivery

iRules

Simon_Blakely

Employee

May 29, 2018

I think what is happening is:

The way you created your datagroup has created a datagroup element with a name of "CN" and a value of "3456.xxxx.yyyy.zzz".

Your extraction from the certificate is CN=1234.xxxx.yyyy.zzz

So the contains match is for "CN", and will always match. You can create your datagroup without the CN= element at all, or specify the -value specifier to match on the values.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Verifying CN received (client auth)

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Just Announced! Attend a lab and receive a Raspberry Pi

Proxy Protocol Receiver

Verifying Local Traffic Policy and iRule Precedence

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS