Leszek_Majewsk1
Nov 13, 2007Nimbostratus
iRule to require client certificate and validate it
I have limited possibilities to test the iRule because the business application is running via the F5... so can anyone help with this code (if there is no obvious syntax error):
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/pattern" }
{HTTP::collect
SSL::cert mode require
SSL::renegotiate
set ssl_cert [SSL::cert 0]
set isMatch 0
set org "Company name"
set locality "Warszawa"
set name "www.f5.com.pl"
set country "PL"
set issorg "“Thawte Consulting (Pty) Ltd."
set isscn "Thawte SGC C"
set issctr "PL"
set subject_dn [X509::subject $ssl_cert]
set issuer_dn [X509::issuer $ssl_cert]
log "Client Certificate Received: $subject_dn, $issuer_dn"
if { ($subject_dn matches $org) and ($subject_dn matches $locality) and ($subject_dn matches $name) and ($subject_dn matches $country) and ($issuer_dn matches $issorg) and ($issuer_dn matches $isscn) and ($issuer_dn matches $issctr)}
{
log "Client Certificate Accepted: $subject_dn, $issuer_dn"
set isMatch 1
pool TestSSL}
if { $isMatch == 0 }
{
log "No Matching Client Certificate Was Found Using: $subject_dn"
reject
}
}
else
{
pool TEST
}
}