F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ekanathdas_2662's avatar
ekanathdas_2662
Icon for Nimbostratus rankNimbostratus
May 07, 2012

We need to create an iRule that can verify client's certificate by checking the Subject line contains "CN=ABCD".

Hi team, I was looking out for an irule which can check client's certificate by checking the Subject line if it contains "CN=ABCD".       I had referred to the below site:   https://devcentr...
application delivery
dev
devops
iRules
ekanathdas_2662's avatar
ekanathdas_2662
Icon for Nimbostratus rankNimbostratus
May 07, 2012
Should the below work?

 

 

when CLIENTSSL_CLIENTCERT {

 

set cert [SSL::cert 0]

 

set subject [X509::subject $cert]

 

set clientIP [IP::client_addr]

 

 

if { $subject contains "CN=ABCD.com" } {

 

pool abcd } {

 

log local0. "cert CN valid" }

 

else {

 

log $clientIP

 

log local0. "cert CN not valid"

 

reject

 

}

 

}