Bob_Vance_75936
Jul 30, 2010
Altostratus
Client cert auth and irule formatting
Hello,
I am new to iRules and I'm having trouble entering in this iRule via the bigpipe shell. It's the only access I currently have at the moment. Am I formatting the iRule incorrectly or using incorrect punctuation?
Here is the iRule I am trying to use:
rule Client_Cert_Auth {
    when CLIENTSSL_CLIENTCERT {
        set CN "www.foo.com"
        set OU "OU"
        set O "Organization"
        set L "Locale"
        set S "State"
        set C "Country"
        set I "Issuer"
        set issuer_dn [X509::issuer [SSL::cert 0]]
        set subject_dn [X509::subject [SSL::cert 0]]
        set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
        log "Client Certificate Received: $subject_dn"
        if {($ssl_errstr eq "ok") and ($subject_dn matches $CN) and ($subject_dn matches $OU) and ($subject_dn matches $O) and ($subject_dn matches $L) and ($subject_dn matches $S) and ($subject_dn matches $C) and ($issuer_dn matches $I)} {
            log "Client Certificate Accepted: $subject_dn"
            log "ssl_errstr value is: $ssl_errstr"
            pool vip-10.1.1.1_80
        } else {
            log "Client Certificate Rejected: $subject_dn"
            reject
        }
    }
}
Here is the output when I try and create it. I don't get very far.
bp>rule Client_Cert_Auth {
>>>when CLIENTSSL_CLIENTCERT {
>>>set CN "www.foo.com"
BIGpipe parsing error: 012e0021:3: The requested attribute (set CN) for 'rule' is invalid.
Here is the version I am running:
Kernel:
Linux 2.4.21-9.4.6.401.0smp
Package:
BIG-IP Version 9.4.6 401.0 Final Edition
Thanks for any help!