Jim_24689
Oct 08, 2013
Nimbostratus
iRule and accepting a Client Cert
Hello, I am trying to configure two-way SSL on a V11 F5 LTM/ASM. I'd like to check the common name of the client cert presented by the client.
    when CLIENTSSL_CLIENTCERT {
        log local0. "Client IP - [IP::client_addr]"
        log local0. "Cert Error - [X509::verify_cert_error_string [SSL::verify_result]]"
        if { not ([class match [X509::subject [SSL::cert 0]] starts_with ssgdev_cn_class]) } {
            log local0. "- Client certificate rejected"
            log local0. "Cert Subject- [X509::subject [SSL::cert 0]]"
            reject
            return
        }
    }
In the log I see the following.
Client IP - xx.xx.xx.xx
Rule /Common/ssgdev_rule : Cert Error - application verification failure
TCL error: /Common/ssgdev_rule - while executing "X509::subject [SSL::cert 0]"
I have not run into this before. What does it mean?
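
A guarded form of the iRule above, added here as an example and not part of the original post. It assumes the Tcl error is raised because `SSL::cert 0` is evaluated when no client certificate is available, so it checks `SSL::cert count` and `SSL::verify_result` before reading the subject; `ssgdev_cn_class` is the data group named in the post.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Guard: do not index into the chain unless a certificate is present.
    # (Assumption: the error in the post comes from SSL::cert 0 with no cert.)
    if { [SSL::cert count] < 1 } {
        log local0. "No client certificate presented by [IP::client_addr]"
        reject
        return
    }

    # Trust the subject only if chain validation succeeded (0 means OK).
    set result [SSL::verify_result]
    if { $result != 0 } {
        log local0. "Cert verify failed for [IP::client_addr]: [X509::verify_cert_error_string $result]"
        reject
        return
    }

    # Read the subject once, then match it against the data group.
    # Note: X509::subject returns the whole subject DN, not only the CN,
    # so the data group entries must match how the DN string begins.
    set subject [X509::subject [SSL::cert 0]]
    if { not [class match $subject starts_with ssgdev_cn_class] } {
        log local0. "Client certificate rejected, subject: $subject"
        reject
        return
    }
}
```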