Forum Discussion
ekanathdas_2662
May 07, 2012 | Nimbostratus
We need to create an iRule that can verify a client's certificate by checking that the Subject line contains "CN=ABCD".
Hi team, I was looking for an iRule which can check a client's certificate by checking whether the Subject line contains "CN=ABCD". I had referred to the below site: https://devcentr...
hooleylist
May 07, 2012 | Cirrostratus
That looks good. Make sure to check that there is a cert before trying to parse it as you'll get a runtime error and TCP reset if you don't and the client doesn't present a client cert in the handshake.
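when CLIENTSSL_CLIENTCERT {
    # Only parse the certificate if the client actually presented one
    if { [SSL::cert count] > 0 } {
        set cert [SSL::cert 0]
        # Lower-case the subject so the comparison is case-insensitive
        set subject [string tolower [X509::subject $cert]]
        set clientIP [IP::client_addr]
        if { $subject contains "cn=abcd.com" } {
            log local0. "cert CN valid"
            pool abcd
        } else {
            # "else" must sit on the same line as the closing brace in Tcl
            log local0. "cert CN not valid for client $clientIP"
            reject
        }
    }
}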
Aaron
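A stricter form of the subject check discussed in this thread, as an added example that is not from either poster or from F5: `contains` is a substring match, so it also accepts a longer CN that starts with the expected value, or another attribute whose value includes it. The plain-Tcl procs below (hypothetical names `subject_cn` and `cn_allowed`) compare the CN attribute exactly; they assume a comma-separated subject string with no escaped commas, and the sample subjects are constructed.

```tcl
# Added example in plain Tcl (runs in tclsh; the procs use only core Tcl
# commands). Assumption: the subject is a comma-separated list of
# attribute=value pairs, as in the constructed samples below.

proc subject_cn {subject} {
    # Return every CN value in the subject, lower-cased.
    set cns {}
    foreach rdn [split $subject ","] {
        set rdn [string trim $rdn]
        set eq [string first "=" $rdn]
        if {$eq < 0} { continue }
        # Split on the FIRST "=" only, so "OU=cn=abcd.com" stays an OU.
        set attr  [string tolower [string trim [string range $rdn 0 [expr {$eq - 1}]]]]
        set value [string tolower [string trim [string range $rdn [expr {$eq + 1}] end]]]
        if {$attr eq "cn"} { lappend cns $value }
    }
    return $cns
}

proc cn_allowed {subject expected} {
    # Accept only a subject with exactly one CN that equals the expected name.
    set cns [subject_cn $subject]
    return [expr {[llength $cns] == 1 && [lindex $cns 0] eq [string tolower $expected]}]
}

# Constructed sample subjects: the intended one, a longer CN that shares the
# prefix, and a subject where the string appears inside another attribute.
foreach s {
    "CN=abcd.com,OU=IT,O=Example,C=US"
    "CN=abcd.com.example.net,O=Other,C=US"
    "CN=xyz,OU=cn=abcd.com,O=Other"
} {
    set substring [expr {[string first "cn=abcd.com" [string tolower $s]] >= 0}]
    puts [format "%-40s substring=%d exact=%d" $s $substring [cn_allowed $s "abcd.com"]]
}
```

All three samples pass the substring test, but only the first passes the exact comparison. In the iRule, the result of `cn_allowed [X509::subject $cert] "abcd.com"` would replace the `contains` condition.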