Irule for SSL client authentication

hi Syed,

 

Have you looked at the following Sample Code

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/ClientCertificateCNChecking.html

 

 

CB

i want to authenticate via thumbprint and CN

in this irule would be enough

 

 

class my_thumbprint_list {

 

"Thumbprint= 9e 0f 40 e2 43 1c"

 

}

 

 

3. Add this iRule:

 

 

when RULE_INIT {

 

set ::org "O=my Organisation"

 

}

 

 

when CLIENTSSL_CLIENTCERT {

 

Example Subject DN: /C=AU/ST=NSW/L=Syd/O=Your Organisation/OU=Your OU/CN=John Smith

 

set subject_dn [X509::subject [SSL::cert 0]]

 

log "Client Certificate Received: $subject_dn"

 

Check if the client certificate contains the correct O and a CN from the list

 

if { ([matchclass $subject_dn contains $::my_thumbprint_list]) and ($subject_dn contains $::org) } {

 

Accept the client cert

 

log "Client Certificate Accepted: $subject_dn"

 

} else {

 

log "No Matching Client Certificate Was Found Using: $subject_dn"

 

reject

 

}

 

}