Forum Discussion

Nimbostratus

May 07, 2012

We need to create an iRule that can verify client's certificate by checking the Subject line contains "CN=ABCD".

Hi team, I was looking out for an irule which can check client's certificate by checking the Subject line if it contains "CN=ABCD". I had referred to the below site: https://devcentr...

Nimbostratus

May 07, 2012

Should the below work?

when CLIENTSSL_CLIENTCERT {

set cert [SSL::cert 0]

set subject [X509::subject $cert]

set clientIP [IP::client_addr]

if { $subject contains "CN=ABCD.com" } {

pool abcd } {

log local0. "cert CN valid" }

else {

log $clientIP

log local0. "cert CN not valid"

reject

}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

We need to create an iRule that can verify client's certificate by checking the Subject line contains "CN=ABCD".

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

Thumbprint of the client ssl certificate

Automating ACMEv2 Certificate Management on BIG-IP

SSL Client Certification Alert 46 Unknown CA

BIG-IQ Client Certificate (PKI) Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS