Validating SSL certificate

Question

I am doing some certificate validations, 
1. I need to validate the client is presenting a certificate, I realize I can require it in the clientssl profile, but I have no log entry if I get a failed request. So I would like to do this in the irule that does the other validations based on the subject_dn, 
2. I am having trouble finding information on some sample rule commands, 
  what is:   [SSL::cert 0] &nbsp;
  also is SSL::cert count - what is that counting? 
3. Do I want to evaluate this at CLIENTSSL_HANDSHAKE or CLIENTSSL_CLIENTCERT&nbsp;
Also this is not HTTP traffic. &nbsp;

only1masterbla1 · Answer

Example shown here shows all your queries:
https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx
https://devcentral.f5.com/wiki/iRules.ClientCertificateCNChecking.ashx&nbsp;
SSL::cert 0 will return first cert 
SSL::cert count will count no. of certs present including chain 
SSL::handshake - Halts or resumes SSL activity&nbsp;
use CLIENTSSL_CLIENTCERT event&nbsp;

Forum Discussion

Validating SSL certificate

1 Reply

Recent Discussions

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

Related Content

POC: Validate JWT with iRule

Implementing SSL Orchestrator - Validation & Troubleshooting

Thumbprint of the client ssl certificate

Implementing SSL Orchestrator - Certificate Considerations

SSL Certificate Report