Forum Discussion

2019F5DevCentra
Dec 05, 2019

Client Cert validation

Trying to understand the Logistics here in KB Article - https://clouddocs.f5.com/api/irules/ClientCertificateCNChecking.html   #Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/O...
  • Yoann_Le_Corvi1
    Dec 06, 2019

     

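    when CLIENTSSL_CLIENTCERT {
        # Subject DN and serial number of the certificate the client presented
        set s_dn [X509::subject [SSL::cert 0]]
        set s_serial [X509::serial_number [SSL::cert 0]]
        log local0. "Client Certificate Received: $s_dn"
        if { $s_dn != "" } {
            # "contains" is a substring match: true when the serial contains any DatagroupS entry
            if { ([matchclass $s_serial contains DatagroupS]) } {
                #Accept the client cert
                log local0. "Client Certificate Accepted: $s_serial"
            } else {
                # Certificate present, but its serial is not in the data group
                reject
                log local0. "Failed Cert Auth - Serial Not In Datagroup: $s_serial"
            }
        } else {
            # Empty subject DN: no usable client certificate
            reject
            log local0. "Failed Cert Auth - No Certificate"
        }
    }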

     

    Try this, it should work 🙂
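
An exact-match variant of the check in the reply above, as an added example that is not part of the original post or of F5's article. It assumes `DatagroupS` is a string data group whose entries are complete serial numbers in the same format `X509::serial_number` returns, and that the client SSL profile requests a client certificate.

```tcl
when CLIENTSSL_CLIENTCERT {
    # No certificate presented: nothing to validate.
    if { [SSL::cert count] == 0 } {
        log local0. "Failed Cert Auth - no client certificate presented"
        reject
        return
    }

    # Chain validation against the profile's trusted CAs must have succeeded.
    # A serial number is only unique per issuer, so it means nothing on a
    # certificate whose chain did not verify.
    set verify_rc [SSL::verify_result]
    if { $verify_rc != 0 } {
        log local0. "Failed Cert Auth - [X509::verify_cert_error_string $verify_rc]"
        reject
        return
    }

    set cert [SSL::cert 0]
    set s_dn [X509::subject $cert]
    set s_serial [X509::serial_number $cert]

    # equals: the whole serial must match one data group entry.
    # With contains, a serial that merely includes an entry as a substring
    # would also be accepted.
    if { [class match $s_serial equals DatagroupS] } {
        log local0. "Client Certificate Accepted: $s_serial ($s_dn)"
    } else {
        log local0. "Failed Cert Auth - serial $s_serial not in DatagroupS ($s_dn)"
        reject
    }
}
```

Each rejection path writes a distinct log message, so a missing certificate, a failed chain validation and an unlisted serial can be told apart in `/var/log/ltm`.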