User Guide for Citrix Systems Network Router 9.2
Citrix NetScaler Policy Configuration and Reference Guide
• Version
• Serial number
• Signature algorithm ID
• Issuer name
• Validity period
• Subject (user) name
• A public key
• Signatures
You can configure a policy that examines both SSL connections and data in a
client certificate. For example, suppose that you want to send SSL requests that
use low strength ciphers to a particular load balancing virtual server farm. The
following command is an example of a Content Switching policy that parses
cipher strength in a request and matches cipher strengths that are less than or
equal to 40:
add cs policy p1 -rule "client.ssl.cipher_bits.le(40)"
As another example, you can configure a policy that determines whether a request
contains a client certificate:
add cs policy p2 -rule "client.ssl.client_cert EXISTS"
Finally, you can configure a policy that examines particular information in a
client certificate. For example, the following policy ensures that the certificate
has one or more days before expiration:
add cs policy p2 -rule "client.ssl.client_cert exists && client.ssl.client_cert.days_to_expire.ge(1)"
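The three conditions described above (cipher strength of 40 bits or less, client certificate present, one or more days before expiration), mirrored in Python so they can be checked against sample connection data. This is an added example, not code from the Citrix guide: the function name, result keys, and sample values are constructed, and counting whole days rounded down is an assumption about how remaining days are measured.

```python
import ssl
from datetime import datetime, timezone

def evaluate_rules(cipher, peer_cert, now):
    """Evaluate the three example conditions for one SSL connection.

    cipher    -- tuple shaped like ssl.SSLSocket.cipher(): (name, protocol, secret_bits)
    peer_cert -- dict shaped like ssl.SSLSocket.getpeercert(); None or {} if no client cert
    now       -- timezone-aware datetime used as the evaluation time
    """
    secret_bits = cipher[2]
    has_cert = bool(peer_cert)
    days_left = None
    if has_cert:
        # notAfter uses the OpenSSL text form, e.g. "Jun  2 00:00:00 2024 GMT"
        not_after = ssl.cert_time_to_seconds(peer_cert["notAfter"])
        # Assumption: whole days remaining, rounded down (negative once expired)
        days_left = int((not_after - now.timestamp()) // 86400)
    return {
        "low_strength_cipher": secret_bits <= 40,        # first example (p1)
        "client_cert_exists": has_cert,                  # second example (p2)
        "cert_has_day_left": has_cert and days_left >= 1,  # third example
        "days_to_expire": days_left,
    }

# Constructed sample connections: (cipher tuple, peer certificate dict or None)
NOW = datetime(2024, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLES = {
    "export_cipher_no_cert": (("EXP-RC4-MD5", "SSLv3", 40), None),
    "cert_expires_in_12h": (("AES256-SHA", "TLSv1", 256),
                            {"notAfter": "Jun  2 00:00:00 2024 GMT"}),
    "cert_expires_in_29d": (("AES128-SHA", "TLSv1", 128),
                            {"notAfter": "Jun 30 12:00:00 2024 GMT"}),
    "cert_already_expired": (("AES128-SHA", "TLSv1", 128),
                             {"notAfter": "May 30 12:00:00 2024 GMT"}),
}

def evaluate_samples():
    """Return the rule results for every constructed sample, keyed by name."""
    return {name: evaluate_rules(cipher, cert, NOW)
            for name, (cipher, cert) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(name, result)
```
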
Prefixes for Text-Based SSL and Certificate Data
The following table describes expression prefixes that identify text-based items in
SSL transactions and client certificates.
Prefixes That Return Text or Boolean Values for SSL and Client Certificate Data
| Prefix | Description |
| --- | --- |
| CLIENT.SSL.CLIENT_CERT | Returns the SSL client certificate in the current SSL transaction. |
| CLIENT.SSL.CLIENT_CERT.TO_PEM | Returns the SSL client certificate in binary format. |
| CLIENT.SSL.CIPHER_EXPORTABLE | Returns a Boolean TRUE if the SSL cryptographic cipher is exportable. |