Forum Discussion

Nimbostratus

May 29, 2018

Verifying CN received (client auth)

Hi guys, I'm trying to verify client auth certificate and using this iRule, but from the logs I can see it's always Accepted even though my trusted_certs only has 1 CN; i.e: my trusted_certs is...

application delivery

iRules

Simon_Blakely

Employee

May 29, 2018

I think what is happening is:

The way you created your datagroup has created a datagroup element with a name of "CN" and a value of "3456.xxxx.yyyy.zzz".

Your extraction from the certificate is CN=1234.xxxx.yyyy.zzz

So the contains match is for "CN", and will always match. You can create your datagroup without the CN= element at all, or specify the -value specifier to match on the values.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Verifying CN received (client auth)

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

DNS HM Probe issue

Related Content

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Global Log Receiver

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Verified Design: SSL Orchestrator with Cisco Firepower Virtual Edition-Part 1

Verifying Slack Requests with Mutual TLS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS