
Validate Certificate Common Name and Revocation Status

Problem this snippet solves:

If you use the same CA to issue client certificates for secure access to multiple applications, and you want to restrict which applications each certificate can access, this iRule enforces that restriction by verifying that the certificate's common name (CN) matches the FQDN of the application.

The iRule also lets you revoke a certificate by its serial number (SN).

Note: this example doesn't check that the certificate passed verification, so a self-signed cert with the proper common name would pass this check. This iRule should be rewritten to include verification using the SSL::verify_result command.
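
An added example of the rewrite the note calls for, not the iRule from the original code share: it checks SSL::verify_result before trusting the CN or serial number. It assumes a client SSL profile that requests a client certificate and a string data group, hypothetically named revoked_client_cert_serials, whose entries use the same format that X509::serial_number returns.

```tcl
# Added example, not the original code share. The data group name
# revoked_client_cert_serials is hypothetical.
when CLIENTSSL_CLIENTCERT {
    set cert_cn ""
    # No certificate presented: nothing to validate, drop the connection.
    if { [SSL::cert count] == 0 } {
        reject
        return
    }
    # 0 means the chain verified against the profile's trusted CAs.
    # Without this check a self-signed cert with the right CN would pass.
    set vr [SSL::verify_result]
    if { $vr != 0 } {
        log local0. "client cert rejected: [X509::verify_cert_error_string $vr]"
        reject
        return
    }
    set cert [SSL::cert 0]
    set serial [X509::serial_number $cert]
    # Revocation: look the serial number up in the data group.
    if { [class match -- $serial equals revoked_client_cert_serials] } {
        log local0. "client cert rejected: serial $serial is revoked"
        reject
        return
    }
    # Extract the CN value so it can be compared exactly; a substring match
    # on the whole subject would also accept names that only begin with
    # the application's FQDN.
    if { [regexp -nocase {CN=([^,/]+)} [X509::subject $cert] -> cn] } {
        set cert_cn [string tolower [string trim $cn]]
    }
}

when HTTP_REQUEST {
    # Host header without any port, lower-cased for comparison.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    # Fail closed: cert_cn is unset or empty when no certificate was
    # validated on this connection.
    if { ![info exists cert_cn] || $cert_cn eq "" || $cert_cn ne $host } {
        HTTP::respond 403 content "Forbidden"
    }
}
```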