Forum Discussion
nitass
Dec 03, 2012 Employee
SSL::cert is not valid on server-side.
SSL::cert
Returns the X509 SSL certificate at the specified index in the peer certificate chain, where index is a value greater than or equal to zero. A value of zero denotes the first certificate in the chain, a value of one denotes the next, and so on. This command is currently applicable only under a client-side context and returns an error within a server-side context.
SSL::cert
https://devcentral.f5.com/wiki/iRules.SSL__cert.ashx
So, I understand you have to collect the TCP payload and parse certificate subnet by yourself. It could be something similar to what Colin and Joel have done in the article below.
Multiple Certs, One VIP: TLS Server Name Indication via iRules by Colin
https://devcentral.f5.com/tutorials/tech-tips/multiple-certs-one-vip-tls-server-name-indication-via-irules
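The parsing step suggested in the reply above, as an added example that is not part of the original post and not an iRule: a Python sketch of the byte layout such a payload parser has to walk to pull the certificate chain out of the server's handshake. It assumes TLS 1.2 or earlier, where the Certificate message is sent in the clear (TLS 1.3 encrypts it); the function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, CERTIFICATE = 22, 20, 11

def u24(b, off):
    return int.from_bytes(b[off:off + 3], "big")

def handshake_stream(payload):
    """Join the fragments of every cleartext handshake record in payload."""
    out, i = bytearray(), 0
    while i + 5 <= len(payload):
        ctype, _version, length = struct.unpack_from("!BHH", payload, i)
        if ctype == CHANGE_CIPHER_SPEC or i + 5 + length > len(payload):
            break  # later records are encrypted, or this record is still partial
        if ctype == HANDSHAKE:
            out += payload[i + 5:i + 5 + length]
        i += 5 + length
    return bytes(out)

def server_certs(payload):
    """Return the DER certificates, leaf first; [] until the message is complete."""
    hs, i = handshake_stream(payload), 0
    while i + 4 <= len(hs):
        mtype, mlen = hs[i], u24(hs, i + 1)
        body = hs[i + 4:i + 4 + mlen]
        if len(body) < mlen:
            break  # message spans a record that has not been collected yet
        if mtype == CERTIFICATE:
            if mlen < 3 or u24(body, 0) != mlen - 3:
                raise ValueError("bad certificate_list length")
            certs, j = [], 3
            while j + 3 <= mlen:
                clen = u24(body, j)
                if j + 3 + clen > mlen:
                    raise ValueError("certificate overruns list")
                certs.append(body[j + 3:j + 3 + clen])
                j += 3 + clen
            return certs
        i += 4 + mlen
    return []

# Constructed sample: placeholder bytes stand in for a ServerHello body and DER certs.
def record(ctype, frag):
    return struct.pack("!BHH", ctype, 0x0303, len(frag)) + frag
def message(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
LEAF, ISSUER = b"constructed-leaf-der", b"constructed-issuer-der"
cert_list = b"".join(len(c).to_bytes(3, "big") + c for c in (LEAF, ISSUER))
stream = message(2, b"\x00" * 38) + message(CERTIFICATE, len(cert_list).to_bytes(3, "big") + cert_list)
SAMPLE = record(HANDSHAKE, stream[:60]) + record(HANDSHAKE, stream[60:])  # Certificate split in two
```

An empty result means "collect more bytes", not "no certificate": the Certificate message routinely spans several records and TCP segments, so the parser has to be re-run as the payload grows.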