Keith_Black
Mar 04, 2020

Extract the Principal Name (UPN) from the Subject Alternative Name (SAN) iRule

I need to extract the 'Other Name:  Principal Name=' from the Subject Alternative Name field in the X509, regardless of the length of the principal name value.

Here is what I have so far but unsure of syntax:

 

when HTTP_REQUEST_SEND {
  clientside {
    if { [SSL::cert count] > 0 } {
      set san [findstr [X509::subject_alternative_name [SSL::cert 0]] "Principal Name= 1 ]

1 Reply

  • I don't think "Principal Name=1" is going to get you anywhere, as it is "othername:UPN<whatever>" in the x509 extension itself.

    To be honest, I have only ever done this with APM:

    https://support.f5.com/csp/article/K17063

    Or with an iRule event called by APM:

    when ACCESS_POLICY_AGENT_EVENT {
    set upn [findstr [ACCESS::session data get session.ssl.cert.x509extension] "UPN" 4 > ]
    ...
    }

    * Edit *

    Don't forget when you're testing stuff like this out, you can always just shove the whole thing into the log to figure out exactly what strings to search for.

    https://clouddocs.f5.com/api/irules/X509__extensions.html

    when CLIENTSSL_CLIENTCERT {
      set client_cert [SSL::cert 0]
      log local0. "Client cert extensions - [X509::extensions $client_cert]"
     
      # Split the X509::extensions output on each newline character and log the values
      foreach item [split [X509::extensions [SSL::cert 0]] \n] {
        log local0. "$item"
      }
    }
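
The extraction discussed in this thread, as an added example that is not part of the reply above or of F5's own code: plain Tcl (the language iRules are written in) that pulls a UPN of any length out of the extension text and rejects missing, duplicate or malformed values before anything downstream trusts them. It assumes the `othername:UPN<value>` form quoted in the reply; the proc names, the allowed character set and the sample strings are constructed for illustration.

```tcl
# Added example: core Tcl only (regexp and list commands), runs in tclsh.
# Assumption: the extension text carries the UPN as "othername:UPN<value>",
# the form quoted in the reply above.

# Return every UPN found in the extension text, in order of appearance.
proc extract_upns {ext_text} {
    set upns {}
    # [^<>]+ takes everything up to the closing ">", whatever its length.
    foreach {whole upn} [regexp -all -inline {othername:UPN<([^<>]+)>} $ext_text] {
        lappend upns $upn
    }
    return $upns
}

# Accept only user@domain with a conservative character set (an assumption,
# adjust to your directory's naming rules), so that a crafted certificate
# cannot push control characters or separators into logs, headers or
# directory queries that consume the value later.
proc is_plausible_upn {upn} {
    return [regexp {^[A-Za-z0-9._'-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$} $upn]
}

# Return the single valid UPN, or "" when there is none or more than one.
proc single_upn {ext_text} {
    set upns [extract_upns $ext_text]
    if {[llength $upns] != 1} { return "" }
    set upn [lindex $upns 0]
    if {![is_plausible_upn $upn]} { return "" }
    return $upn
}

# Constructed sample inputs (not taken from a real certificate).
set samples [list \
    "X509v3 Subject Alternative Name:\n    othername:UPN<jdoe@example.com>, email:jdoe@example.com" \
    "X509v3 Subject Alternative Name:\n    othername:UPN<a.very.long.user.name@corp.example.com>" \
    "X509v3 Subject Alternative Name:\n    DNS:host.example.com" \
    "othername:UPN<jdoe@example.com>, othername:UPN<admin@example.com>" \
    "othername:UPN<jdoe@example.com\r\nX-Injected: 1>"]

# One line per sample: the accepted UPN, or {} when the input is rejected.
foreach s $samples {
    puts [list [single_upn $s]]
}
```

Only the first two samples yield a UPN; the entry without a UPN, the one with two UPNs and the one with embedded CR/LF are all rejected rather than passed on.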