RiverFish
Nov 27, 2012Altostratus
Generate SHA1 thumbprint of incoming SSL cert
Greetings! I have a request from a developer (below). I was hoping one of you could please help me come up with a solution?
---------------
The F5 needs to generate an SHA1 thumbprint of the incoming SSL certificate and add the output hexadecimal encoded string as a new HTTP header to be passed along to the application. The generated thumbprint is a standard SHA1 thumbprint for identification purposes.
Example HTTP Header:
ClientCert-Thumbprint: a448327eff9283928b9d9993049f0386
---------------
Below is the existing iRule that is in place currently:
when CLIENTSSL_CLIENTCERT {
set cert_subject [X509::subject [SSL::cert 0]]
if { $cert_subject == "" }
{ log "[IP::client_addr]:[TCP::client_port]: No client cert found!"}
}
when HTTP_REQUEST {
if { [info exist cert_subject] } {
HTTP::header insert SSLClientCertSubject $cert_subject
return
}
}
Thanks!