F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Thiyagu's avatar
Thiyagu
Icon for Cirrus rankCirrus
Oct 12, 2023

Need of an Irule help to extract the SN# from the client side certificate

Hello All, we are working to to extract the device SerialNumber from the certificate send it as "X-Common-Name" header to the servers. Could you please help if you would have worked on the similar...
application delivery
Thiyagu's avatar
Thiyagu
Icon for Cirrus rankCirrus
Oct 12, 2023

Hi Mohamed, Thank you so much for your help. We are authneticating via mutual TLS and SN# of cert needs to extracted and pass it along in the HTTP header as X-Common-Name.

 

Thanks,Thiyagu.

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Oct 12, 2023

Hi Thiyagu , 

you can use something like this : 

 

when CLIENTSSL_HANDSHAKE {
    if { [SSL::extensions exists -type 0 ] } then {
        set tls_sni_extension [SSL::extensions -type 0 ]
    } else {
        set tls_sni_extension ""
    }
}
when HTTP_REQUEST {
    if { $tls_sni_extension ne "" } then {
        log local0. " The X-common-name <---> $tls_sni_extension"
        HTTP::header insert X-common-name "$tls_sni_extension"
    }
}

 


I am not sure for type 0 as it depends  , so could you please capture single request to see the sni extension ?