Citrix Systems Network Router 9.2 User Manual

Citrix NetScaler Policy Configuration and Reference Guide
Version
Serial number
Signature algorithm ID
Issuer name
Validity period
Subject (user) name
A public key
Signatures
You can configure a policy that examines both SSL connections and data in a 
client certificate. For example, suppose that you want to send SSL requests that 
use low strength ciphers to a particular load balancing virtual server farm. The 
following command is an example of a Content Switching policy that parses 
cipher strength in a request and matches cipher strengths that are less than or 
equal to 40:
add cs policy p1 -rule "client.ssl.cipher_bits.le(40)"
As another example, you can configure a policy that determines whether a request 
contains a client certificate:
add cs policy p2 -rule "client.ssl.client_cert EXISTS"
Finally, you can configure a policy that examines particular information in a 
client certificate. For example, the following policy ensures that the certificate 
has one or more days before expiration:
add cs policy p2 -rule "client.ssl.client_cert exists && client.ssl.client_cert.days_to_expire.ge(1)"
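The following Python sketch is an added example, not Citrix code: it models the three rules above as predicates over constructed session records so their boundary cases (exactly 40 bits, no certificate, less than one day left, already expired) can be checked before a policy is deployed. The Session type, the rule labels, and the floor rounding of days to expiration are assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass
from typing import List, Optional

SECONDS_PER_DAY = 86400

@dataclass
class Session:
    """Constructed stand-in for one SSL connection as the policy engine sees it."""
    cipher_bits: int
    cert_not_after: Optional[str] = None  # None means no client certificate was sent

def days_to_expire(not_after: str, now: float) -> int:
    """Whole days until notAfter; floor rounding is an assumption, negative once expired."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // SECONDS_PER_DAY)

def matched_rules(s: Session, now: float) -> List[str]:
    """Return the names of the rules (hypothetical labels) that this session matches."""
    hits = []
    if s.cipher_bits <= 40:                      # client.ssl.cipher_bits.le(40)
        hits.append("weak_cipher")
    if s.cert_not_after is not None:             # client.ssl.client_cert exists
        hits.append("has_cert")
        # Third rule as the text states it: one or more days before expiration.
        # The existence test comes first, so a missing certificate is never dereferenced.
        if days_to_expire(s.cert_not_after, now) >= 1:
            hits.append("cert_has_a_day_left")
    return hits

# Fixed clock and constructed sessions so the results are reproducible.
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
SAMPLES = {
    "export-grade, no cert": Session(40),
    "just above threshold":  Session(41, "Jan  1 12:00:00 2025 GMT"),  # 12 hours left
    "exactly one day left":  Session(256, "Jan  2 00:00:00 2025 GMT"),
    "already expired":       Session(128, "Dec 31 00:00:00 2024 GMT"),
}

if __name__ == "__main__":
    for label, session in SAMPLES.items():
        print(f"{label:24} -> {matched_rules(session, NOW)}")
```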
Prefixes for Text-Based SSL and Certificate Data
The following table describes expression prefixes that identify text-based items in 
SSL transactions and client certificates.
Prefixes That Return Text or Boolean Values for SSL and Client Certificate Data

Prefix                          Description
CLIENT.SSL.CLIENT_CERT          Returns the SSL client certificate in the current SSL transaction.
CLIENT.SSL.CLIENT_CERT.TO_PEM   Returns the SSL client certificate in binary format.
CLIENT.SSL.CIPHER_EXPORTABLE    Returns a Boolean TRUE if the SSL cryptographic cipher is exportable.