Difference between revisions of "Client Auth via PKI"

Line 3: Line 3:
  
 
  # add datagroup CertificateCA
 
  # add datagroup CertificateCA
  #String: DigiCert Server CA
+
  #   String: DigiCert Server CA
  #Value: www.domain.com
+
  #   Value: www.domain.com
 
  when CLIENTSSL_CLIENTCERT {
 
  when CLIENTSSL_CLIENTCERT {
 
     set SubCN [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
 
     set SubCN [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
Line 14: Line 14:
 
                       } else {
 
                       } else {
 
                         reject
 
                         reject
                      }
+
                  }
                  } else {
+
              } else {
                    reject
+
                  reject
                }
+
              }
    } else {
+
              } else {
  }
+
    }
 
  }
 
  }

Revision as of 16:00, 20 May 2019

Back to iRules

# add datagroup CertificateCA
#   String: DigiCert Server CA
#   Value: www.domain.com
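when CLIENTSSL_CLIENTCERT {
   # Pins the client certificate's subject CN to its issuer CN using the
   # CertificateCA data group (key = issuer CN, value = expected subject CN).
   #
   # NOTE(review): this rule only compares CN strings. It does not itself
   # validate the certificate chain; that is presumably done by the client SSL
   # profile (trusted CA bundle, client certificate set to "require"). Confirm
   # the profile settings, or check [SSL::verify_result] here, before relying
   # on the issuer name.
   # NOTE(review): the code assumes a certificate is present at index 0;
   # consider guarding on [SSL::cert count] if the profile only requests one.

   # findstr returns the text after the first "CN=" up to the next ",".
   # NOTE(review): this is a substring search over the whole DN string, so it
   # takes whichever "CN=" occurs first; CN values containing "," are truncated.
   set SubCN [findstr [X509::subject [SSL::cert 0]] "CN=" 3 ","]
   set IssCN [findstr [X509::issuer [SSL::cert 0]] "CN=" 3 ","]

   # Whitespace is required between "}" and "{"; Tcl rejects "}{" with
   # "extra characters after close-brace".
   if {[class match $IssCN equals CertificateCA]} {
       set name [class match -value $IssCN equals CertificateCA]
       # Reject when the data group entry has no value, or when the subject CN
       # differs from the value configured for this issuer.
       if {$name eq "" || $name ne $SubCN} {
           reject
       }
   }
   # Issuer CN not listed in CertificateCA: no action is taken, so the
   # connection proceeds on whatever the client SSL profile accepted.
   # Add an else branch with "reject" if only listed issuers should be allowed.
}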