Citrix Systems Network Router 9.2 User Manual
Chapter 7 Advanced Expressions: Parsing SSL Certificates
147
certificate.SUBJECT
Returns the Distinguished Name of the Subject as
a name-value. An equals sign (“=”) separates
names and values and a slash (“/”) delimits name-
value pairs.
a name-value. An equals sign (“=”) separates
names and values and a slash (“/”) delimits name-
value pairs.
Following is an example:
/C=US/O=myCompany/OU=www.
mycompany.com/CN=www.mycompany.
com/
emailAddress=myuserid@mycompany.
com
mycompany.com/CN=www.mycompany.
com/
emailAddress=myuserid@mycompany.
com
certificate.SUBJECT.
IGNORE_EMPTY_ELEMENTS
IGNORE_EMPTY_ELEMENTS
Returns the Subject as a name-value list, but
ignores the empty elements in the list. For
example, consider the following:
ignores the empty elements in the list. For
example, consider the following:
Cert-Issuer: /c=in/st=kar//
l=bangelore //o=mycompany/ou=sales/ /
emailAddress=myuserid@mycompany.com
The following Rewrite action returns a count of 6
based on the preceding Issuer definition:
based on the preceding Issuer definition:
sh rewrite action insert_ssl_header
Name: insert_ssl
Operation: insert_http_header
Target:Cert-Issuer
Value:CLIENT.SSL.CLIENT_CERT.ISSUER.
COUNT
However, if you change the value to the following,
the returned count is 9:
the returned count is 9:
CLIENT.SSL.CLIENT_CERT.ISSUER.
IGNORE_EMPTY_ELEMENTS.COUNT
IGNORE_EMPTY_ELEMENTS.COUNT
certificate.
SUBJECT_KEYID
SUBJECT_KEYID
Returns the Subject KeyID of the client certificate.
If there is no Subject KeyID, this operation returns
a zero-length text object.
If there is no Subject KeyID, this operation returns
a zero-length text object.
Operations That Can Be Specified with the CLIENT.SSL.CLIENT_CERT Prefix
SSL Certificate Operation
Description