Forwarding of X509 HTTP Header to application after termination of SSL

Question

Hi, I'm fairly new to F5 and was wondering if there was a way to insert part of the x509::subject to the HTTP header.
A regular iRule for this would look partly like this
when HTTP_REQUEST {
if { [SSL::cert count] &gt; 0 } {
    HTTP::header insert CERTSUBJECT [X509::subject [SSL::cert 0]]
}

}
however I would like to just get the 10 digit EDIPI 9999999999 below:
Subject CN=John.D.Smith.9999999999,OU=CONTRACTOR,OU=PKI,OU=DoD,O=U.S.
Is there a way to do this?
Thanks
J

kevin_stewart · Answer

You can use a combination of string operations to get to this value. Try this:
set subj [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
set EDIPI [string range $subj [expr [string last "." $subj] +1] end]

The finsdtr command will return everything after "CN=" and before the next comma:
John.D.Smith.9999999999

And the string functions will return the value after the last period to the end of the string.

Forum Discussion

Forwarding of X509 HTTP Header to application after termination of SSL

1 Reply

Recent Discussions

security patch release

redirect not working

RECOVER ALL YOUR LOST CRYPTOCURRENCY WITH THE HELP OF CAPTAIN WEBGENESIS.

VPN fragmented IP packets dropped

minimum tmos software version for connect CIS (openshift)

Related Content

Enhance your Application Security using Client-side signals

F5 BIG-IP per application Red Hat OpenShift cluster migrations

Enhanced Modern Applications and MicroServices SSO with NGINX

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery