Forum Discussion
Brad_Parker
Feb 05, 2015Cirrus
Forgive me if this is out of line, but have you thought about just using the client authentication part of the client ssl profile? You can set it to require a client cert which will satisfy you reject statement. Then set the certificate you are using(or its issuer) as the "Trusted Certificate Authorities".
With that said, in theory your iRule looks like it should work. You may try to make sure what you are comparing is the same case by using this:
set subject_sn [string tolower [X509::serial_number [SSL::cert 0]]]
And you could try putting "<u+200e>35:f3:82:5a:5f:29:c3:ee" in brackets, <u+200e>{35:f3:82:5a:5f:29:c3:ee} to rule out special evaluation of the ":".