Forum Discussion
mikegray_198028
Cirrus
Sep 15, 2016wild card CN validation.
Hello,
I am looking for a solution to validate wild card CN from client authentication certificate.
ex: CN=.dev.test.com CN=_dev.test.com Is there any vay to validate this using Irule. we are using V11.5.1
2 Replies
can some one help me on this
Hi Mike,
you may use the iRule as a starting point...
when RULE_INIT { set static::cn_wildcard ".dev.test.com _dev.test.com" } when CLIENTSSL_CLIENTCERT { if { [SSL::cert 0] eq "" } then { log local0.debug "A valid certificate is not present" reject } else { log local0.debug "A valid certificate is present" log local0.debug "DN=[X509::subject [SSL::cert 0]]" set subject_cn [getfield [X509::subject [SSL::cert 0]] "CN=" 2] log local0.debug "CN=$subject_cn" set wildcard_match 0 foreach wildcard $static::cn_wildcard { if { $subject_cn ends_with $wildcard } then { log local0.debug "CN=$subject_cn matches Wildcard=$wildcard" set wildcard_match 1 break } else { log local0.debug "CN=$subject_cn does not match Wildcard=$wildcard" } } if { $wildcard_match } then { Allow the request } else { reject } } }Note: I've not tested the iRule. Its just a quick writeup. So report back if you experience any problems with the code...
Cheers, Kai
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects