Forwarding of X509 HTTP Header to application after termination of SSL

Question

Hi, I'm fairly new to F5 and was wondering if there was a way to insert part of the x509::subject to the HTTP header.
A regular iRule for this would look partly like this
when HTTP_REQUEST {
if { [SSL::cert count] &gt; 0 } {
    HTTP::header insert CERTSUBJECT [X509::subject [SSL::cert 0]]
}

}
however I would like to just get the 10 digit EDIPI 9999999999 below:
Subject CN=John.D.Smith.9999999999,OU=CONTRACTOR,OU=PKI,OU=DoD,O=U.S.
Is there a way to do this?
Thanks
J

kevin_stewart · Answer

You can use a combination of string operations to get to this value. Try this:
set subj [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
set EDIPI [string range $subj [expr [string last "." $subj] +1] end]

The finsdtr command will return everything after "CN=" and before the next comma:
John.D.Smith.9999999999

And the string functions will return the value after the last period to the end of the string.

Forum Discussion

Forwarding of X509 HTTP Header to application after termination of SSL

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Introducing the F5 Application Study Tool (AST)

System Prerequisites for Deploying the Application Study Tool

Application Study Tool: Make Grafana Listen on HTTPS

Modern Applications-Demystifying Ingress solutions flavors

FTPS_SSL_ Termination

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS