Forum Discussion
Janek_42109
May 25, 2016
Nimbostratus
You can follow this article:
https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx
In my case, I'm checking the certificate serial:
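    when RULE_INIT {
        set static::debug 1
    }
    when CLIENTSSL_CLIENTCERT {
        # Capture fields from the certificate the client presented
        set cert [SSL::cert 0]
        set sn [X509::serial_number $cert]
        set subject [X509::subject $cert]
        set issuer [X509::issuer $cert]
        set version [X509::version $cert]
    }
    when HTTP_REQUEST {
        # Exact match against the CLIENT_CERTS data group, which must hold full
        # serials in the format X509::serial_number returns. A substring
        # ("contains") match would also accept any serial that merely includes
        # a listed value.
        if { [class match $sn equals CLIENT_CERTS] } {
            # Accept the client cert
            log local0. "Client Certificate Accepted: $sn"
        } else {
            log local0. "No Matching Client Certificate Was Found Using: $sn"
            reject
        }
    }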
Depending on what you want to check, we can adjust the client certificate field to verify.
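
An added example, not part of the original post: a serial allowlist like the one above is only as strict as its comparison, so this plain Tcl script (run with tclsh, not as an iRule) contrasts substring matching with exact matching scoped to the issuer. The proc names, issuer names, serials and allowlists are all constructed for illustration.

```tcl
# Added example: plain Tcl (tclsh), not an iRule. All serials, issuers and
# allowlists below are constructed sample values.

# Normalize a serial to bare upper-case hex so "0a:1b" and "0A1B" compare equal.
proc normalize_serial {sn} {
    return [string toupper [string map {: "" " " ""} $sn]]
}

# Substring semantics: true if the presented serial contains any allowlist entry.
proc allowed_contains {sn allowlist} {
    set sn [normalize_serial $sn]
    foreach entry $allowlist {
        if {[string first [normalize_serial $entry] $sn] >= 0} { return 1 }
    }
    return 0
}

# Exact semantics, scoped to the issuer: a serial is unique only within one CA.
proc allowed_exact {issuer sn allowdict} {
    if {![dict exists $allowdict $issuer]} { return 0 }
    set sn [normalize_serial $sn]
    foreach entry [dict get $allowdict $issuer] {
        if {[normalize_serial $entry] eq $sn} { return 1 }
    }
    return 0
}

set ca_a "CN=Example Internal CA A"   ;# constructed issuer
set ca_b "CN=Example Internal CA B"   ;# constructed issuer
set flat   {0A:1B}                    ;# serial-only allowlist
set scoped [dict create $ca_a {0A:1B}] ;# issuer -> list of serials

# Three presented certificates: the allowed one, a longer serial from the
# same CA that embeds the allowed value, and the same serial from another CA.
foreach {issuer sn} [list $ca_a 0A:1B  $ca_a 7F:0A:1B:22  $ca_b 0A:1B] {
    puts [format "%-24s %-12s contains=%d exact=%d" $issuer $sn \
        [allowed_contains $sn $flat] [allowed_exact $issuer $sn $scoped]]
}
```

Only the first certificate passes the exact, issuer-scoped check; the substring check accepts all three.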