Forum Discussion

Nimbostratus

Oct 18, 2019

iRule - set SSL Cert mode based on client cert value

Hi there

Wondering how i could execute the below using an iRule?

I've run into the ssl bug https://support.f5.com/csp/article/K76313281 where the client selects a signature algorithm not supported by the F5.

As a workaround I am thinking of writing an iRule to set the SSL cert mode to Ignore based on the Subject value of the client certificate.

However to do this I believe I would first need to request the client certificate (which is my default SSL profile setting) and then extract the Subject value and check if it contains the desired string.

If it does then I want to have the SSL cert mode set to Ignore.

Thanks!

BIG-IP

LTM

security

No RepliesBe the first to reply

Forum Discussion

iRule - set SSL Cert mode based on client cert value

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Pass client cert based on POST data

Query on GTM irule based on Pool Availability

Client Cert Fingerprint Matching via iRules

F5 Client filtering based on cisco switch port info

iRule: passing client cert to node