Difference between revisions of "Client Auth via PKI"

Latest revision as of 16:01, 20 May 2019

Back to iRules

# add datagroup CertificateCA
#   String: DigiCert Server CA
#   Value: www.domain.com
when CLIENTSSL_CLIENTCERT {
   set SubCN [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
   set IssCN [findstr [X509::issuer [SSL::cert 0]] "CN=" 3 ","]
   if {[class match $IssCN equals CertificateCA]}{
       set name [class match -value $IssCN equals CertificateCA]
            if {$name ne ""} {
                 if { $name eq $SubCN } {
                     } else {
                       reject
                  }
              } else {
                 reject
             }
             } else {
   }
}