Forum Discussion

Nimbostratus

May 25, 2016

problem with SSL authentication

HI i´m having problem with a public key certificate in my client SSLprofile. do i need to import the root CA in the client profile for it to work? if i do that does everybody who has that root CA be ...

Nimbostratus

May 25, 2016

You can follow this article :

https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx

In my case, i'm checking the certificate serial :

    when RULE_INIT {
        set static::debug 1
}

when CLIENTSSL_CLIENTCERT {
  set cert [SSL::cert 0]
  set sn [X509::serial_number $cert]
  set subject [X509::subject $cert]
  set issuer [X509::issuer $cert]
  set version [X509::version $cert]
}

when HTTP_REQUEST {


      if { ([matchclass $sn contains CLIENT_CERTS])} {
         Accept the client cert
         log local0. "Client Certificate Accepted: $sn"
      } else {
         log local0. "No Matching Client Certificate Was Found Using: $sn"
         reject
      }
   }

Depending of what you want to check we can adjust the client certificate field to verify

Forum Discussion

problem with SSL authentication

Recent Discussions

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

AD Authentication and Local DB Authentication in APM

ExternalName Service and Authentication Subrequests with NGINX Ingress Controller

Duo Authentication Proxies

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query