Forum Discussion
2 Replies
Sort By
- Kevin_StewartEmployee
Without more specifics, here's how you'd extract some of the X509 certificate data within an iRule:
when CLIENTSSL_CLIENTCERT { if { [SSL::cert count] > 0 } { set commonname [X509::subject [SSL::cert 0]] set serial [X509::serial_number [SSL::cert 0]] } }
Again, not very specific, but you can see how to get the common name/subject and cert serial. From there you can perform whatever evaluations you need.
I also don't believe you can get at the thumbprint within the scope of X509 commands. It is possible through some binary parsing, but waiting to see if you absolutely need that.
- What_Lies_Bene1CirrostratusWhat do you want to do with the other traffic?