Hi Mike,
You may use the iRule as a starting point...
when RULE_INIT {
    # Accepted CN suffixes (lowercase). A client CN is accepted if it ends with one of them.
    set static::cn_wildcard ".dev.test.com _dev.test.com"
}
when CLIENTSSL_CLIENTCERT {
    # This event fires after the client SSL profile has validated the certificate
    # chain, so a non-empty cert at this point has already passed trust verification.
    # The profile must be set to request or require a client certificate.
    if { [SSL::cert 0] eq "" } then {
        log local0.debug "A valid certificate is not present"
        reject
    } else {
        log local0.debug "A valid certificate is present"
        set subject_dn [X509::subject [SSL::cert 0]]
        log local0.debug "DN=$subject_dn"
        # Extract only the CN attribute value: findstr skips the 3 characters of
        # "CN=" and stops at the next "," so trailing RDNs (e.g. ",OU=...") are not
        # included. The CN is lowercased so the suffix comparison is case-insensitive.
        set subject_cn [string tolower [string trim [findstr $subject_dn "CN=" 3 ","]]]
        log local0.debug "CN=$subject_cn"
        set wildcard_match 0
        foreach wildcard $static::cn_wildcard {
            # An empty CN (attribute missing) never matches and falls through to reject.
            if { $subject_cn ends_with $wildcard } then {
                log local0.debug "CN=$subject_cn matches Wildcard=$wildcard"
                set wildcard_match 1
                break
            } else {
                log local0.debug "CN=$subject_cn does not match Wildcard=$wildcard"
            }
        }
        if { $wildcard_match } then {
            # Allow the request: no action is needed, the handshake simply continues.
            log local0.debug "CN=$subject_cn accepted"
        } else {
            reject
        }
    }
}
Note: I've not tested the iRule. It's just a quick write-up. So report back if you experience any problems with the code...
Cheers, Kai