Forum Discussion

Bob_Vance_75936
Jul 30, 2010

Client cert auth and irule formatting

Hello,

I am new to iRules and I'm having trouble entering this iRule via the bigpipe shell. It's the only access I currently have at the moment. Am I formatting the iRule incorrectly or using incorrect punctuation?

Here is the iRule I am trying to use:

rule Client_Cert_Auth {
   when CLIENTSSL_CLIENTCERT {
      set CN "www.foo.com"
      set OU "OU"
      set O "Organization"
      set L "Locale"
      set S "State"
      set C "Country"
      set I "Issuer"
      set issuer_dn [X509::issuer [SSL::cert 0]]
      set subject_dn [X509::subject [SSL::cert 0]]
      set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
      log "Client Certificate Received: $subject_dn"
      if {($ssl_errstr eq "ok") and ($subject_dn matches $CN) and ($subject_dn matches $OU) and ($subject_dn matches $O) and ($subject_dn matches $L) and ($subject_dn matches $S) and ($subject_dn matches $C) and ($issuer_dn matches $I)} {
         log "Client Certificate Accepted: $subject_dn"
         log "ssl_errstr value is: $ssl_errstr"
         pool vip-10.1.1.1_80
      } else {
         log "Client Certificate Rejected: $subject_dn"
         reject
      }
   }
}

Here is the output when I try and create it. I don't get very far.

bp>rule Client_Cert_Auth {
>>>when CLIENTSSL_CLIENTCERT {
>>>set CN "www.foo.com"
BIGpipe parsing error: 012e0021:3: The requested attribute (set CN) for 'rule' is invalid.

Here is the version I am running:

Kernel: Linux 2.4.21-9.4.6.401.0smp
Package: BIG-IP Version 9.4.6 401.0 Final Edition

Thanks for any help!

5 Replies

  • I was able to get access to the config utility and enter the iRule that way. However, I receive back the following error:

    01070151:3: Rule [Client_Cert_Auth] error:
    line 13: [parse error: PARSE syntax 503 {syntax error in expression "($ssl_errstr eq "ok") and ($subject_dn matches $CN) and ($su...": looking for close parenthesis}] [{($ssl_errstr eq "ok") and ($subject_dn matches $CN) and ($subject_dn matches $OU) and ($subject_dn matches $O) and ($subject_dn matches $L) and ($subject_dn matches $S) and ($subject_dn matches $C) and ($issuer_dn matches $I)}]
    line 22: [command is not valid in the current scope] [}]

    The line 13 error seems to be looking for an additional }?

    The line 22 error seemed to be an extra }
  • Does anyone know what is wrong with the code below? I have searched around without any luck so far. I don't see where I'd need an additional parenthesis... Any help is greatly appreciated.

    01070151:3: Rule [Client_Cert_Auth] error:
    line 13: [parse error: PARSE syntax 503 {syntax error in expression "($ssl_errstr eq "ok") and ($subject_dn matches $CN) and ($su...": looking for close parenthesis}] [{($ssl_errstr eq "ok") and ($subject_dn matches $CN) and ($subject_dn matches $OU) and ($subject_dn matches $O) and ($subject_dn matches $L) and ($subject_dn matches $S) and ($subject_dn matches $C) and ($issuer_dn matches $I)}]
  • I replaced 'matches' with 'contains' and it compiled correctly. I would still like to figure out why contains is accepted, but matches is not.

    if {($ssl_errstr equals "ok") and ($subject_dn matches $CN) and ($subject_dn matches $OU) and ($subject_dn matches $O) and ($subject_dn matches $L) and ($subject_dn matches $S) and ($subject_dn matches $C) and ($issuer_dn matches $I)} {

    is now:

    if {($ssl_errstr equals "ok") and ($subject_dn contains $CN) and ($subject_dn contains $OU) and ($subject_dn contains $O) and ($subject_dn contains $L) and ($subject_dn contains $S) and ($subject_dn contains $C) and ($issuer_dn contains $I)} {
  • Hi Bob,

    The matches wiki page indicates matches isn't valid in 9.4.8 or 10.x:

    http://devcentral.f5.com/wiki/default.aspx/iRules/matches

    This command doesn't seem to exist in 9.4.8 or 10 and was replaced in 10 with matches_glob.

    Aaron
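As an added example that is neither the poster's rule nor F5's own code: the same accept/reject decision written so that each DN attribute is compared exactly, rather than substring-matching the whole DN string with contains (with the placeholder values in the thread, "OU" is a substring of any DN that has an OU component, and "www.foo.com" would also be found inside a CN such as www.foo.com.example). It assumes X509::subject returns the DN as a comma- or slash-separated attribute list, and the expected values and the issuer string (compared exactly as the device formats it) are placeholders to be replaced.

```tcl
# Added example, not the original poster's rule: check each DN attribute
# exactly instead of substring-matching the whole DN with "contains".
when CLIENTSSL_CLIENTCERT {
    # Expected values are placeholders (assumed); substitute your own.
    # The issuer is compared as the exact string the device returns.
    set expected_cn     "www.foo.com"
    set expected_o      "Example Org"
    set expected_issuer "CN=Example CA, O=Example Org, C=US"

    set ssl_errstr [X509::verify_cert_error_string [SSL::verify_result]]
    set subject_dn [X509::subject [SSL::cert 0]]
    set issuer_dn  [X509::issuer [SSL::cert 0]]

    # Split "CN=www.foo.com, OU=Web, O=Example Org" (or the
    # "/CN=.../O=..." form) into attr -> value. An escaped separator
    # inside a value (e.g. O=Foo\, Inc) is split wrongly, which makes
    # the exact comparison below fail closed rather than accept it.
    set sep ","
    if { [string index $subject_dn 0] eq "/" } { set sep "/" }
    array set subj {}
    foreach rdn [split $subject_dn $sep] {
        set pos [string first "=" $rdn]
        if { $pos < 0 } { continue }
        set attr [string trim [string range $rdn 0 [expr {$pos - 1}]]]
        set val  [string trim [string range $rdn [expr {$pos + 1}] end]]
        set subj($attr) $val
    }

    # Fail closed: chain verification must be "ok", every required
    # attribute must be present, and each must match exactly.
    set accepted 0
    if { $ssl_errstr eq "ok" && [info exists subj(CN)] && [info exists subj(O)] } {
        if { $subj(CN) eq $expected_cn && $subj(O) eq $expected_o
             && $issuer_dn eq $expected_issuer } {
            set accepted 1
        }
    }

    if { $accepted } {
        log local0. "Client certificate accepted: $subject_dn"
        pool vip-10.1.1.1_80
    } else {
        log local0. "Client certificate rejected: $subject_dn (verify result: $ssl_errstr)"
        reject
    }
}
```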