Forum Discussion

Adrian_Hockey_1
Jan 25, 2013

Read SHA1 HASH From Client SSL Cert

Hi,

I am using this sample to return the thumbprint of an SSL certificate. It works fine but returns the MD5 hash of the cert and I would prefer to get the SHA1 hash instead. Is this possible?

set cert_hash [X509::hash [SSL::cert 0]]

Many thanks!

4 Replies

  • Hi Steve,

    I'm not sure that is what I want, if I use this:

    set SHA1ssl_cert [SSL::cert 0]
    set SHA1_hash [b64encode [sha1 $SHA1ssl_cert]]
    log local0. "SHA1 Thumbprint presented is = $SHA1_hash"

    The result is not the SHA1 thumbprint of my SSL cert?
  • Have you tried the one which Kevin and Aaron suggested?

    binary scan [sha1 [SSL::cert 0]] H* fingerprint
    log local0. "sha1: $fingerprint"
    
  • Yes, this should work:

    
    when HTTP_REQUEST {
        HTTP::header remove SSLClientCertSubject
        HTTP::header remove ClientCertThumbprint
        if { [SSL::cert count] > 0 } {
            HTTP::header insert SSLClientCertSubject [X509::subject [SSL::cert 0]]
            binary scan [sha1 [SSL::cert 0]] H* cert_hex
            HTTP::header insert ClientCertThumbprint $cert_hex
        }
    }
    

    Aaron
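
The two encodings that appear in this thread, side by side, as an added example that is not part of any reply: the base64 string and the hex string are the same 20-byte SHA-1 digest written two ways, so a backend that receives either form can reduce both to hex before comparing against an allow-list. The function names and the sample bytes are hypothetical, and the example assumes `[SSL::cert 0]` hands `sha1` the DER-encoded certificate.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the DER bytes of a client certificate; the hash
# functions below treat the certificate as an opaque byte string.
SAMPLE_DER = b"constructed DER bytes, for illustration only"


def thumbprint_hex(der: bytes) -> str:
    """Lowercase hex SHA-1, the form `binary scan [sha1 ...] H*` yields."""
    return hashlib.sha1(der).hexdigest()


def thumbprint_b64(der: bytes) -> str:
    """Base64 of the same 20-byte digest, the form `b64encode [sha1 ...]` yields."""
    return base64.b64encode(hashlib.sha1(der).digest()).decode("ascii")


def normalize(value: str) -> str:
    """Reduce a hex (any case, optional ':' or spaces) or base64 SHA-1 to lowercase hex."""
    compact = value.strip().replace(":", "").replace(" ", "")
    if len(compact) == 40:            # 20 bytes written as hex
        raw = bytes.fromhex(compact)  # raises ValueError on non-hex input
    elif len(compact) == 28:          # 20 bytes written as padded base64
        raw = base64.b64decode(compact, validate=True)
    else:
        raise ValueError("not a SHA-1 digest in hex or base64")
    if len(raw) != 20:
        raise ValueError("decoded value is not 20 bytes")
    return raw.hex()


def matches(presented: str, expected: str) -> bool:
    """Compare two thumbprints regardless of encoding; malformed input never matches."""
    try:
        return hmac.compare_digest(normalize(presented), normalize(expected))
    except ValueError:
        return False


if __name__ == "__main__":
    print("hex   :", thumbprint_hex(SAMPLE_DER))
    print("base64:", thumbprint_b64(SAMPLE_DER))
    print("same digest:", matches(thumbprint_b64(SAMPLE_DER), thumbprint_hex(SAMPLE_DER)))
```
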