Pull info from SSL Client Cert

Question

I need an irule to pass on Client Cert information from a HTTPS request to the backend pool&nbsp;
&nbsp;Attributes I'd like sent along in HTTPS headers:&nbsp;&nbsp;Certificate status - The status of the client certificate. The value of [status] can be NoClientCert, OK, or Error. If status is NoClientCert, only this header is inserted into the request. If status is Error, the error is followed by a numeric error code. &nbsp;Certificate serial number &nbsp;Issuer of the certificate&nbsp;Certificate subject (Distinguished name or DN)&nbsp;
&nbsp;Thanks to anyone that can help me out.

nicolas_menant · Answer

Hi,&nbsp;
&nbsp;To do so you'll need the BIGIP to be the SSL termination of the the HTTPS flow. &nbsp;
&nbsp;Then you can use those commands to do the kjob :&nbsp;
&nbsp;Certificate serial number: Click here
&nbsp;Certificate issuer: Click here
&nbsp;Certificate subject: Click here&nbsp;
&nbsp;An example of certificate manipulation can be found here: Click here&nbsp;
&nbsp;to insert HTTP header it is simple: Click here&nbsp;
&nbsp;Here is an example of code to work from: &nbsp;
when HTTP_REQUEST
{ 
  set pkiSubject [X509::subject $the_cert]
  set pkiIssuer [X509::issuer $the_cert]
  HTTP::header insert CN $pkiSubject
  HTTP::header insert SSLIssuer $pkiIssuer
  HTTP::header insert SSLClientCertSN [regsub -all {:} [X509::serial_number $the_cert] -]
} &nbsp;

Forum Discussion

Pull info from SSL Client Cert

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

FIPS license and fipsutil info

Timing/CPU info for BigIP DNS WideIP iRules

https://{{host}}/mgmt/shared/telemetry/info returns 404

Enhance your Application Security using Client-side signals

iRule based RADIUS Client Stack