Forum Discussion

WeBeJeepin_1470
Aug 08, 2014

How to get the email address from a client certificate and send it through the header in an iRule.

Hi everyone! I am working on an iRule to get the email address off the email client certificate and push it through the header. It is stored in an email field and the Subject Alternative Name. I am having trouble finding what the name of the property is for me to pull it out and put it into the header. I tried session.ssl.cert.email and that did not have a value. Also, what event should I put it in, because that may be my mistake as well. I have been using HTTP_REQUEST. I have also tried this, but I never saw the email go through the header.

    when CLIENTSSL_CLIENTCERT {
        # SUBJECT ALTERNATIVE NAME
        set santemp [findstr [X509::extensions $c_cert] "Subject Alternative Name" 32 ","]
        set san [findstr $santemp "email" 6]
    }

Thanks in advance for all of your help!

 

1 Reply

  • The email field is in subject and/or extensions - I'd try logging values from the X509 commands until you find it, then you can adjust your iRule accordingly (you'll find the logged values in /var/log/ltm):

    when CLIENTSSL_CLIENTCERT {
        log local0. "Subject: [X509::subject [SSL::cert 0]]"
        foreach item [split [X509::extensions [SSL::cert 0]] \n] {
            log local0. "$item"
        }
    }
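
Once the logging above shows where the address sits, the two events fit together as in this added sketch (not code from either poster): extract the address in CLIENTSSL_CLIENTCERT, then insert it in HTTP_REQUEST after removing any client-supplied copy of the header. The header name X-Client-Cert-Email is hypothetical, and the patterns assume the extension text carries an "email:<address>" entry after "Subject Alternative Name:" (the form the question's findstr call looks for) and that the subject uses an "emailAddress=" attribute; adjust both to what /var/log/ltm shows.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Connection-scoped variable, read later in HTTP_REQUEST
    set cert_email ""
    if { [SSL::cert count] > 0 } {
        set cert [SSL::cert 0]
        set san_line ""
        # Assumed layout: "...Subject Alternative Name:" followed by a line
        # such as "email:user@example.com, DNS:host.example.com".
        # Restricting the search to that line avoids picking up an
        # "email:" entry from a different extension.
        if { [regexp {Subject Alternative Name:\s*(?:critical)?\s*([^\n]+)} \
                  [X509::extensions $cert] -> san_line] } {
            regexp -nocase {email:([^,\s]+)} $san_line -> cert_email
        }
        # Fall back to an emailAddress attribute in the subject DN
        # (assumed form "emailAddress=user@example.com").
        if { $cert_email eq "" } {
            regexp -nocase {emailAddress=([^,/\s]+)} [X509::subject $cert] -> cert_email
        }
    }
}

when HTTP_REQUEST {
    # Remove any copy of the header sent by the client so the backend
    # only ever sees the value taken from the presented certificate.
    HTTP::header remove "X-Client-Cert-Email"
    if { [info exists cert_email] && $cert_email ne "" } {
        HTTP::header insert "X-Client-Cert-Email" $cert_email
    }
}
```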