Forum Discussion

Cirrus

Jun 29, 2016

Client Certificate Verification using Request

Hello. Wondering if there is an iRule equivalent of the "Client Certificate - Require" and "Trusted Certificate Authorities - Bundle" in the SSL Profile. I have a situation where I need to set the "C...

Erich_Rockman_1
Jun 30, 2016
I decided to go with something like this:

when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0} { set error_code [SSL::verify_result] set error_code_string [X509::verify_cert_error_string [SSL::verify_result]]

log local0. "error_code = $error_code" log local0. "error_code_string = $error_code_string" if { $error_code ne 0 } { reject return } }

}

Erich_Rockman_1

Cirrus

Jun 30, 2016

I decided to go with something like this:

when CLIENTSSL_CLIENTCERT { if {[SSL::cert count] > 0} { set error_code [SSL::verify_result] set error_code_string [X509::verify_cert_error_string [SSL::verify_result]]

    log local0. "error_code = $error_code" 
    log local0. "error_code_string = $error_code_string"

    if { $error_code ne 0 } {
        reject
        return
    }
}

}

Forum Discussion

Client Certificate Verification using Request

Recent Discussions

Big-IP ASM automatically removes my hostname

not able to access f5 via ssh and gui

tunnel failed after antivirus avg from trial to full protection

user alert on apm logs

Adding New BigIP Units Using Free CPUs on i7800 (LB13 & LB14) to an existing HA Pair

Related Content

Configure NGINX microgateway for MTLS termination and client certificate hash verification

Re: Management Certificate

Certifications for security professionals

Certificate Expiry Email alert configuration

LTM Certificate expire