Server ssl profile Authenticate Name

Question

Hi,
&nbsp;I was wondering if it is possible to modify the Authenticate Name for an SSL server profile in an i rule depending on the pool selected?&nbsp;
&nbsp;when SERVER_CONNECTED { 
&nbsp;       if { [LB::server pool] contains "HCI3" } {
&nbsp;           SSL::profile PROFILE_SERVERSSL 
&nbsp;           set Authenticate Name 
&nbsp;      }
&nbsp;      else {
&nbsp;           SSL::profile PROFILE_SERVERSSL 
&nbsp;           set Authenticate Name 
&nbsp;      }
&nbsp;}

hooleylist · Answer

Hi Rab, 
&nbsp;  
&nbsp; I don't think you can set the properties for the server SSL profile.  But I wonder if you could check the server name in an iRule using the SERVERSSL_HANDSHAKE event with SSL::cert to get the server's SSL cert and X509::subject to check the cert's subject: 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/SERVERSSL_HANDSHAKE 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/ssl__cert 
&nbsp; http://devcentral.f5.com/wiki/default.aspx/iRules/X509__subject 
&nbsp;  
&nbsp; If you try this, could you post back with the results? 
&nbsp;  
&nbsp; Thanks, Aaron

colin_walker_12 · Answer

Yeah, you wouldn't be able to modify the profile via the iRule. Creating custom logic to perform the checks you want might work, though. What is it you're trying to accomplish as a whole? 
&nbsp;  
&nbsp; Colin

Forum Discussion

Server ssl profile Authenticate Name

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Server Profile SNI

Simple HTTP Authentication server

LTM Authentication Profiles EOL?

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

Distributed caching of authentication requests with NGINX Ingress Controller