Chapter 7 Advanced Expressions: Parsing SSL Certificates

Operations That Can Be Specified with the CLIENT.SSL.CLIENT_CERT Prefix

| SSL Certificate Operation | Description |
| --- | --- |
| certificate.AUTH_KEYID.EXISTS | Returns a Boolean TRUE if the certificate contains an Authority Key Identifier extension. |
| certificate.AUTH_KEYID.ISSUER_NAME | Returns the Issuer Distinguished Name in the certificate as a name-value list. An equals sign (“=”) is the delimiter for the name and the value, and the slash (“/”) is the delimiter that separates the name-value pairs. Following is an example: `/C=US/O=myCompany/OU=www.mycompany.com/CN=www.mycompany.com/emailAddress=myuserid@mycompany.com` |
| certificate.AUTH_KEYID.ISSUER_NAME.IGNORE_EMPTY_ELEMENTS | Returns the Issuer Distinguished Name in the certificate as a name-value list and ignores the empty elements in the list. For example, the following name-value list has an empty element following “a=10”: `a=10;;b=11; ;c=89` The element following b=11 is not considered an empty element. |
| certificate.AUTH_KEYID.KEYID | Returns the keyIdentifier field of the Authority Key Identifier as a blob. |
| certificate.CERT_POLICY | Returns a string that contains the client certificate policy. Note that this represents a sequence of certificate policies. |
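
The name-value list format and the empty-element rule described for ISSUER_NAME and IGNORE_EMPTY_ELEMENTS can be reproduced off-box when reviewing client-certificate policies. The following is an added example, not code from the manual or the product; the function names, the treatment of elements without an equals sign, and the absence of any escaping are assumptions.

```python
# Added example: parser for the name-value list format described in the table.
# Function names and the handling of elements without "=" are assumptions;
# the page describes no escaping, so none is implemented here.

def parse_name_value_list(text, pair_sep="/", kv_sep="=", ignore_empty=False):
    """Split text into (name, value) tuples.

    An element is "empty" only when it has zero length. An element that
    holds whitespace (the " " after b=11 in the page's example) is kept.
    """
    pairs = []
    for element in text.split(pair_sep):
        if element == "" and ignore_empty:
            continue
        # Split at the first "=" only, so a value may itself contain "=".
        name, sep, value = element.partition(kv_sep)
        # Elements with no "=" are returned with value None (assumption).
        pairs.append((name, value if sep else None))
    return pairs


def issuer_attribute(dn, name):
    """Return all values of one attribute from a slash-delimited issuer DN."""
    return [v for n, v in parse_name_value_list(dn, ignore_empty=True) if n == name]


# The two sample strings shown on the page.
ISSUER = ("/C=US/O=myCompany/OU=www.mycompany.com/CN=www.mycompany.com"
          "/emailAddress=myuserid@mycompany.com")
SAMPLE = "a=10;;b=11; ;c=89"

if __name__ == "__main__":
    # Five elements, including the zero-length one after a=10.
    print(parse_name_value_list(SAMPLE, pair_sep=";"))
    # Four elements: the zero-length one is dropped, the " " one remains.
    print(parse_name_value_list(SAMPLE, pair_sep=";", ignore_empty=True))
    # Exact comparison on the parsed attribute. A substring test on the raw
    # string would also accept a constructed issuer such as "O=myCompanyX".
    print(issuer_attribute(ISSUER, "O") == ["myCompany"])
```

Comparing the parsed attribute value, rather than searching the raw string, keeps "O" from matching inside "OU" and keeps a longer organization name from passing a prefix match.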

 

 

Citrix Systems 9.2 manual