Certificate Logging via iRule

Question

Certificate Logging via iRule - &nbsp;I think I'm missing something pretty simple.  My goal is to log the CN, Subject, Serial# of all Client's hitting my VIP. Is there a way to accomplish this without turning on "Require" Mode under Client Authentication via the SSL Profile.  I can't seem to find a Wiki Article around this.&nbsp;Thanks,&nbsp;

hamish · Answer

Sorry, your question feels a bit ambiguous.

Do you wish to log the SERVER side certificate information? or the CLIENT side certificate information?

If you wish to log the CLIENT side, then you'll have to REQUIRE a client cert. Because otherwise you have no guarantee that there will be one to log.

2019f5devcentra · Answer

Yes, I was trying to request the certificate details via CLIENT side. I wasn't sure if the only way to snatch this data up was to "REQUIRE" or "REQUEST" it via the SSL Profile option. I had thought there would be a way to grab this data in another method without having to allow it.

Is there a way to grab the Server Side Certificate via iRule without the SSL Profile option selected?

Thanks,

Forum Discussion

Certificate Logging via iRule

2 Replies

Recent Discussions

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

BIG-IP DNS iRule issue with static variable

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

Using okta as SSO to login F5 GUI

Related Content

Bypass certificate check

BIG-IQ Certificate

iRule to Insert Client Cert into HTTP Header only when Certificate is from certain Root CA

LTM Request Logging Profile: How can it log HTTP headers?

Logging TLS traffic less than TLSv1.2