Server Certificate CN Verification with iRule

Question

Hi,&nbsp;
I wonder whether there is a way to verify server certificate CN with iRule. I know it is possible for client authentication, but can it be done for server side as well? Thank you for any suggestions.&nbsp;

kevin_stewart · Answer

BIG-IP 13.1 introduces a new SERVERSSL_SERVERCERT event that can be used exactly like the CLIENTSSL_CLIENTCERT event.&nbsp;

youssef1 · Answer

Hi,
As you know when you do client auth on client side, it's client that provide certificate during handshake ssl.
but in server side it will be F5 so you confirm that you want to retrieve CN in cert provide by f5? to the backend. it make sens?
just for info if you want to retrieve cn (subject) from client cert:
when HTTP_REQUEST {
  if {[SSL::cert count] &gt; 0}{
    set cert [SSL::cert 0]
    set subject [string tolower [X509::subject $cert]]
  }
}

regards

Forum Discussion

Server Certificate CN Verification with iRule

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

SSL Bridging verification

Configure NGINX microgateway for MTLS termination and client certificate hash verification

Trouble applying GoDaddy certificate to a virtual server

Re: Management Certificate

My Security+ Certification Journey