Does X509::whole also insert the intermediate certificate(s)?

Question

Hi,&nbsp;I need to write an irule that, amongst other things, forwards a client certificate in an http header. That is normally done using the X509::whole option, but the application also requires the intermediate certificate(s). I can't imagine this command achieves that as the intermediate is to my knowledge not part of the X509 certificate, but I could be mistaken. Do any of you know this for certain? Also, if this will indeed not work, does anyone know a way to retrieve and forward the intermediate(s)?

jaikumar_f5 · Answer

Actually the x509 whole gives you in pem format,https://clouddocs.f5.com/api/irules/X509__whole.html

jaikumar_f5 · Answer

Actually, the below code should capture the Intermediate certs too.&nbsp;when CLIENTSSL_CLIENTCERT {
if {[SSL::cert count] &gt; 0}{
if { [SSL::verify_result] == 0 }{
for {set i 0} {$i &lt; [SSL::cert count]} {incr i}{
log local0. "CERT NUMBER= $i - SUBJECT= [X509::subject [SSL::cert $i]] - Issuer= [X509::issuer [SSL::cert $i]] - SERIAL= [X509::serial_number [SSL::cert $i]]"
}
} else {
log local0. "Cert Info: [X509::verify_cert_error_string [SSL::verify_result]]"
}
} else {
log local0. "No client certificate provided"
}
}&nbsp;If you think this helps your requirement, please mark the thread as solved.

Forum Discussion

Does X509::whole also insert the intermediate certificate(s)?

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Intermediate iRules: Data-Groups

Intermediate iRules: Handling Strings

Intermediate iRules: Handling Lists

Intermediate iRules: Iteration

Intermediate iRules: Evaluating Performance