
iRule explanation

Andrew_Jones
Nimbostratus

Hi, can someone explain what the following iRule is looking to do?

 

when CLIENTSSL_CLIENTCERT {
  if { [SSL::cert 0] ne "" } {
    if { not [class match -- [X509::subject [SSL::cert 0]] contains [virtual name]_cert_dgl] } {
      reject
    }
  } else { reject }
}

 

thanks

 

Andrew

1 REPLY

Lidev
MVP

Hi,

In brief, this iRule checks the CN of the X509 certificate in order to verify that it is present in the data group [virtual name]_cert_dg; if it is not compliant, it rejects the call.

 

More details here:

https://clouddocs.f5.com/api/irules/X509__subject.html

https://clouddocs.f5.com/api/irules/SSL__cert.html

 

Regards
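
The iRule's accept/reject logic modelled in Python, as an added example that is not part of the thread and not F5 code. It assumes `class match ... contains` is true when the certificate subject contains any data group entry as a substring; the virtual server names, data group entries and subjects are constructed, and a missing data group is treated as a reject in this model.

```python
# Model of the iRule in the question (added example; all values are constructed).

def class_match_contains(item, keys):
    # Assumed semantics of `class match <item> contains <data group>`:
    # true if the item contains ANY data group entry as a substring.
    return any(key in item for key in keys)

def class_match_equals(item, keys):
    # Stricter comparison (`equals` operator): whole string must match an entry.
    return item in keys

def decide(subject, virtual_name, data_groups, match=class_match_contains):
    """Return 'allow' or 'reject' for one client connection."""
    if not subject:                       # [SSL::cert 0] eq "" -> no client cert
        return "reject"
    # [virtual name]_cert_dgl: one data group per virtual server.
    keys = data_groups.get(virtual_name + "_cert_dgl", [])
    return "allow" if match(subject, keys) else "reject"

# Constructed data groups: one with a specific entry, one with a short entry.
DATA_GROUPS = {
    "/Common/vs_api_cert_dgl": ["CN=api-client,OU=Payments,O=Example Corp"],
    "/Common/vs_loose_cert_dgl": ["api-client"],
}

# Constructed certificate subjects (None = client sent no certificate).
EXPECTED = "CN=api-client,OU=Payments,O=Example Corp,C=US"
OTHER = "CN=api-client-test,OU=Lab,O=Other Org,C=US"

def run_cases():
    rows = []
    for vs in ("/Common/vs_api", "/Common/vs_loose"):
        for subject in (EXPECTED, OTHER, None):
            rows.append((vs, subject, decide(subject, vs, DATA_GROUPS)))
    return rows

if __name__ == "__main__":
    for vs, subject, verdict in run_cases():
        print(f"{vs:18} {str(subject):45} {verdict}")
```

Because the comparison is a substring match on the whole subject string, a short data group entry accepts every certificate whose subject happens to contain it, so entries should be as specific as the deployment allows.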