SSL::c3d

Description¶

Inserts a certificate extension to the C3D certificate, or sets the C3D client certificate

Syntax¶

SSL::c3d extension extension <oid value>
SSL::c3d cert <DER formatted cert>
# v16.1.3
SSL::c3d subject <nid value>

SSL::c3d extension extension <oid value>¶

Inserts the <oid oid-value> as an extension to C3D certificate with OID=oid and value=oid-value.

SSL::c3d cert <DER formatted cert>¶

Sets the certificate which is in DER format as the C3D client certificate.

SSL::c3d subject <nid value>¶

Sets the C3D forged certificate subject commonName (CN) with the value specified. When subject CN is modified CN, O, OU will be converted to a PrintableString or UTF-8 format.

Note¶

This is introduced in 16.1.3.

Examples¶

when CLIENTSSL_HANDSHAKE {
     log local0.info "CLIENTSSL_HANDSHAKE"
     SSL::c3d extension CP "2.16.840.1.101.2.1.11.9, cpsuri:https://localhost/test-statement/pki/cps.txt, cpsuri:https://localhost/test-statement1/pki/cps.txt;2.16.840.1.101.2.1.11.19"
     SSL::c3d extension SAN "DNS:*.test-client.com, IP:1.1.1.1"
     SSL::c3d extension 1.2.3.4 "The oid-vaule for oid 1.2.3.4"
     if {[SSL::cert count] > 0} {
         SSL::c3d subject commonName [X509::subject [SSL::cert 0] commonName]
     }
 }

Related Information¶

Valid Events:

ANY_EVENT

Introduced: BIGIP-15.1.0
Enhanced: BIGIP-16.1.3

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

SSL::c3d¶