Forum Discussion

Dennis_Kloosterman's avatar
Dennis_Kloosterman
Icon for Altostratus rankAltostratus
Dec 11, 2019

Does X509::whole also insert the intermediate certificate(s)?

Hi,   I need to write an irule that, amongst other things, forwards a client certificate in an http header. That is normally done using the X509::whole option, but the application also requires t...
application delivery
BIG-IP
iRules
  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Dec 11, 2019

    Actually, the below code should capture the Intermediate certs too.

     

    when CLIENTSSL_CLIENTCERT {
if {[SSL::cert count] > 0}{
if { [SSL::verify_result] == 0 }{
for {set i 0} {$i < [SSL::cert count]} {incr i}{
log local0. "CERT NUMBER= $i - SUBJECT= [X509::subject [SSL::cert $i]] - Issuer= [X509::issuer [SSL::cert $i]] - SERIAL= [X509::serial_number [SSL::cert $i]]"
}
} else {
log local0. "Cert Info: [X509::verify_cert_error_string [SSL::verify_result]]"
}
} else {
log local0. "No client certificate provided"
}
}

     If you think this helps your requirement, please mark the thread as solved.