Citrix Systems Network Router 9.2 User Manual

Citrix NetScaler Policy Configuration and Reference Guide
CLIENT.SSL.CLIENT_CERT
This section discusses the expressions that you can configure for certificates, with 
the exception of expressions that examine certificate expiration. Time-based 
operations are described in 
.
The following table describes operations that you can specify for the CLIENT.SSL.CLIENT_CERT prefix.
Operations That Can Be Specified with the CLIENT.SSL.CLIENT_CERT Prefix

SSL Certificate Operation | Description

certificate.EXISTS
Returns a Boolean TRUE if the client has an SSL certificate.

certificate.ISSUER
Returns the Distinguished Name (DN) of the Issuer in the certificate as a name-value list. An equals sign (“=”) is the delimiter for the name and the value, and the slash (“/”) is the delimiter that separates the name-value pairs.
Following is an example of the returned DN:
/C=US/O=myCompany/OU=www.mycompany.com/CN=www.mycompany.com/emailAddress=myuserid@mycompany.com

certificate.ISSUER.IGNORE_EMPTY_ELEMENTS
Returns the Issuer and ignores the empty elements in a name-value list. For example, consider the following:
Cert-Issuer: /c=in/st=kar//l=bangelore //o=mycompany/ou=sales/ /emailAddress=myuserid@mycompany.com
The following Rewrite action returns a count of 6 based on the preceding Issuer definition:
sh rewrite action insert_ssl_header
Name: insert_ssl
Operation: insert_http_header
Target:Cert-Issuer
Value:CLIENT.SSL.CLIENT_CERT.ISSUER.COUNT
However, if you change the value to the following, the returned count is 9:
CLIENT.SSL.CLIENT_CERT.ISSUER.IGNORE_EMPTY_ELEMENTS.COUNT

certificate.AUTH_KEYID
Returns a string that contains the Authority Key Identifier extension of the X.509 V3 certificate.

certificate.AUTH_KEYID.CERT_SERIALNUMBER
Returns the SerialNumber field of the Authority Key Identifier as a blob.
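
An added example, not taken from the Citrix guide: a Python parser for the "/name=value/..." Issuer string described above, of the kind a back-end service could apply to the Cert-Issuer header that the rewrite action inserts before trusting any attribute in it. The function names are hypothetical, and treating whitespace-only elements as empty is this example's assumption, not a statement of how the appliance evaluates COUNT.

```python
# Added example (not from the Citrix guide): parse the "/name=value/..."
# Issuer string. Function names are hypothetical.

# Sample strings copied from the table above.
ISSUER_SAMPLE = ("/C=US/O=myCompany/OU=www.mycompany.com"
                 "/CN=www.mycompany.com/emailAddress=myuserid@mycompany.com")
HEADER_SAMPLE = ("/c=in/st=kar//l=bangelore //o=mycompany/ou=sales/ /"
                 "emailAddress=myuserid@mycompany.com")


def parse_issuer(dn):
    """Return (pairs, skipped): ordered (name, value) tuples plus the number
    of empty elements dropped. Assumption: a whitespace-only element counts
    as empty, and values never contain an unescaped '/'."""
    if not dn.startswith("/"):
        raise ValueError("issuer string must start with '/'")
    elements = dn[1:].split("/")
    if elements and elements[-1] == "":  # tolerate a single trailing slash
        elements.pop()
    pairs, skipped = [], 0
    for element in elements:
        if not element.strip():
            skipped += 1
            continue
        name, sep, value = element.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"not a name=value element: {element!r}")
        pairs.append((name.strip(), value.strip()))
    return pairs, skipped


def issuer_matches(dn, expected):
    """True only if each expected attribute occurs exactly once with the
    expected value. Names compare case-insensitively, values exactly, so a
    second CN appended to the string cannot satisfy the check."""
    pairs, _ = parse_issuer(dn)
    seen = {}
    for name, value in pairs:
        seen.setdefault(name.lower(), []).append(value)
    return all(seen.get(k.lower()) == [v] for k, v in expected.items())


if __name__ == "__main__":
    print(parse_issuer(HEADER_SAMPLE))
    print(issuer_matches(ISSUER_SAMPLE, {"O": "myCompany",
                                         "CN": "www.mycompany.com"}))
```
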