Mike_Breeden_62
Feb 05, 2015
Nimbostratus
SSL Client iRule Verification
We are having an issue, I think, with this iRule. It checks to see if the client cert serial number matches, and if it does it will allow traffic to pass. We know the serial numbers match; however, it logs that No Matching cert was found. Can someone take a look at the iRule to see if anything needs to be changed?
Output in the logs:
13:19:22 LTM info tmm5[9705]: 01220002:6: Rule /Common/Sharepoint_ClientAuth : Client Certificate Received: 35:f3:82:5a:5f:29:c3:ee
Feb 5 13:19:22 LTM info tmm5[9705]: 01220002:6: Rule /Common/Sharepoint_ClientAuth : No Matching Client Certificate Was Found Using: 35:f3:82:5a:5f:29:c3:ee
iRule:
when CLIENTSSL_CLIENTCERT {
    # Check if client provided a cert
    if {[SSL::cert 0] eq ""}{
        # Reset the connection
        reject
    } else {
        set subject_sn [X509::serial_number [SSL::cert 0]]
        log "Client Certificate Received: $subject_sn"
        # Check if the client certificate contains the correct serial_number
        if {$subject_sn equals "<u+200e>35:f3:82:5a:5f:29:c3:ee"} {
            # Accept the client cert
            log "Client Certificate Accepted: $subject_sn"
        } else {
            log "No Matching Client Certificate Was Found Using: $subject_sn"
            reject
        }
    }
}
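
Added example, not part of the original post: plain Tcl (runs in tclsh, outside an iRule) showing how the `<u+200e>` that appears inside the rule's string literal affects the comparison, assuming that marker stands for the invisible Unicode character U+200E (left-to-right mark). The proc names `unexpected_chars` and `normalize_serial` are hypothetical helpers, and both input strings are constructed from the values shown in the post.

```tcl
# Added example (plain Tcl, not F5 code); proc names are hypothetical.

# Return the code points in $s that are not hex digits or colons,
# e.g. an invisible U+200E carried along with a pasted serial number.
proc unexpected_chars {s} {
    set found {}
    foreach ch [split $s ""] {
        if {![regexp {^[0-9A-Fa-f:]$} $ch]} {
            scan $ch %c cp
            lappend found [format "U+%04X" $cp]
        }
    }
    return $found
}

# Canonical form for comparison: hex digits and colons only, lower case.
proc normalize_serial {s} {
    regsub -all {[^0-9A-Fa-f:]} $s "" s
    return [string tolower $s]
}

# Constructed inputs: the serial from the log line, and the rule's literal
# with the <u+200e> marker written as the Tcl escape \u200e (assumption).
set from_cert  "35:f3:82:5a:5f:29:c3:ee"
set configured "\u200e35:f3:82:5a:5f:29:c3:ee"

# The two strings look identical when printed but differ in length,
# so an exact string comparison does not match.
puts "lengths: [string length $from_cert] vs [string length $configured]"
puts "raw equal: [string equal $from_cert $configured]"

# Report what is hiding in the configured literal.
puts "unexpected in configured: [unexpected_chars $configured]"

# After normalizing both sides the serial numbers compare equal.
puts "normalized equal: [string equal [normalize_serial $from_cert] [normalize_serial $configured]]"
```

In an iRule the same check applies to the literal in the `if` test: retyping the serial number by hand, rather than pasting it, removes any hidden character the copy carried in.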