102 Citrix NetScaler Policy Configuration and Reference Guide

CLIENT.SSL.CLIENT_CERT

The following example expression matches a particular time for expiration with the information in the certificate:

client.ssl.client_cert.valid_not_after.eq(GMT 2009)

The following table describes time-based operations on SSL certificates.

Operations on Certificate (client.ssl.client_cert) Dates and Times

SSL Certificate Operation

Description

 

 

certificate.

Returns the last day before certificate expiration. The

VALID_NOT_AFTER

return format is the number of seconds since GMT

 

January 1, 1970 (0 hours, 0 minutes, 0 seconds).

certificate.

Returns a Boolean TRUE value if the certificate validity

VALID_NOT_AFTER.

is between the time1 and time2 arguments. Both time1

BETWEEN(time1, time2)

and time2 must be fully specified. Following are

 

examples:

 

• GMT 1995 Jan is fully specified.

 

• GMT Jan is not fully specified

 

• GMT 1995 20 is not fully specified.

 

• GMT Jan Mon_2 is not fully specified.

 

The time1 and time2 arguments must be both GMT or

 

both LOCAL, and time2 must be bigger than time1.

 

For example, if it is GMT 2005 May 1 10h 15m 30s,

 

and the first Sunday of the month, you can specify the

 

following (evaluation results are in parentheses).

 

. . .between(GMT 2004, GMT 2006)

 

 

(TRUE)

 

. . .between(GMT 2004 Jan, GMT 2006

 

 

Nov) (TRUE)

 

. . .between(GMT 2004 Jan, GMT

 

 

2006) (TRUE)

 

. . .between(GMT 2005 May Sun_1,

 

 

GMT 2005 May Sun_3) (TRUE)

 

. . .between(GMT 2005 May 1, GMT

 

 

May 2005 1) (TRUE)

 

. . .between(LOCAL 2005 May 1,

 

 

LOCAL May 2005 1) (TRUE or FALSE,

 

 

depending on the NetScaler system time zone.)

certificate.

Extracts the last day of the month that the certificate is

VALID_NOT_AFTER.DAY

valid, and returns a number from 1 through 31, as

 

appropriate for the date.

Page 116
Image 116
Citrix Systems 9.2 manual SSL Certificate Operation Description, True