ADC Advanced Policy Expressions

X509_CERTIFICATE_T

X.509 SSL Certificate

This topic lists the expressions that are provided by this class.

AUTH_KEYID

Returns a string containing the Authority Key Identifier extension of the X509 V3 certificate.

Returns: auth_keyid_t

CERT_POLICY

Returns a string containing the client certificate policy.

Note that this represents a sequence of certificate policies.

Returns: seq_text_t

DAYS_TO_EXPIRE

Returns the number of days remaining before the certificate expires.

Returns -1 for expired certificates.

Returns: num_at

EXISTS

Returns TRUE if the client has an SSL client certificate.

Returns: bool_at

ISSUER

Returns the Distinguished Name of the Issuer as a separated Name-Value list using the delimiter '=' to separate name and value and the delimiter '/' to separate name-value pairs.

Example:

/C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com/CN=www.netscaler.com/emailAddress=ns@ns.co

Returns: nvlist_t

IS_VALID

Returns true if and only if the client certificate is valid.

Returns: bool_at

KEY_USAGE(key_usage_ek)

Returns a boolean value indicating whether the specified key usage extension bit value in the X509 certificate is set.

Parameters (expressions not allowed):

k - The argument specifies which bit is checked. Valid arguments are:

DIGITAL_SIGNATURE. Returns TRUE if the digital signature bit is set; FALSE otherwise.

NONREPUDIATION. Returns TRUE if the nonrepudiation bit is set; FALSE otherwise.

KEYENCIPHERMENT. Returns TRUE if the key encipherment bit is set; FALSE otherwise.

DATAENCIPHERMENT. Returns TRUE if the data encipherment bit is set; FALSE otherwise.

KEYAGREEMENT. Returns TRUE if the key agreement bit is set; FALSE otherwise.

KEYCERTSIGN. Returns TRUE if the key cert sign bit is set; FALSE otherwise.

CRLSIGN. Returns TRUE if the CRL bit is set; FALSE otherwise.

ENCIPHERONLY. Returns TRUE if the encipher only bit is set; FALSE otherwise.

DECIPHERONLY. Returns TRUE if the decipher only bit is set; FALSE otherwise.

Returns: bool_at

PK_ALGORITHM

Returns the name of the public key algorithm used by the SSL key.

Returns: text_t

PK_SIZE

Returns the size of the public key used in the certificate.

Returns: num_at

SERIALNUMBER

Returns the serial number of the client certificate.

In the case of a non-SSL transaction or an error in the certificate, returns an empty string.

Returns: text_t

SIGNATURE_ALGORITHM

Returns the name of the cryptographic algorithm used by the CA to sign this certificate.

Returns: text_t

SUBJECT

Returns the Distinguished Name of the Subject as a separated Name-Value list using the delimiter '=' to separate name and value and the delimiter '/' to separate name-value pairs.

Example:

/C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com/CN=www.netscaler.com/emailAddress=ns@ns.co

Returns: nvlist_t
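
ISSUER and SUBJECT share the string format shown above. The following Python is an added example, not Citrix code: it parses that format outside the appliance (for instance in a log pipeline) so that one attribute can be compared exactly instead of searching the whole string, where the same value can appear under several names (OU and CN in the sample). The function names and the handling of a literal '/' inside a value are assumptions of this example.

```python
# Added example: parse the '/' and '=' delimited DN string used by ISSUER and SUBJECT.
from collections import defaultdict

# The example value from this page.
SAMPLE_DN = ("/C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com"
             "/CN=www.netscaler.com/emailAddress=ns@ns.co")


def parse_dn(dn: str) -> dict[str, list[str]]:
    """Split a '/name=value/name=value' string into {name: [values]}.

    Names may repeat (several OU entries are common), so each name maps to
    a list. A segment without 'name=' is treated as the continuation of the
    previous value, because the string carries no escaping for a literal '/'
    inside a value (assumption of this example, not documented behaviour).
    """
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    pairs: list[list[str]] = []
    for segment in dn[1:].split("/"):
        name, sep, value = segment.partition("=")
        if sep and name:
            pairs.append([name, value])
        elif pairs:
            pairs[-1][1] += "/" + segment  # literal '/' inside a value
        else:
            raise ValueError(f"malformed first segment: {segment!r}")
    result: dict[str, list[str]] = defaultdict(list)
    for name, value in pairs:
        result[name].append(value)
    return dict(result)


def attribute_equals(dn: str, name: str, expected: str) -> bool:
    """True only if attribute `name` occurs exactly once and equals `expected`."""
    return parse_dn(dn).get(name, []) == [expected]


if __name__ == "__main__":
    print(parse_dn(SAMPLE_DN))
    print(attribute_equals(SAMPLE_DN, "CN", "www.netscaler.com"))
    print(attribute_equals(SAMPLE_DN, "CN", "netscaler.com"))
```
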

SUBJECT_KEYID

Returns the Subject KeyID of the client certificate, if one exists.

If there is no Subject KeyID, returns a zero-length text object.

Returns: text_t

TO_PEM

Returns the SSL certificate in binary format.

Returns: text_t

VALID_NOT_AFTER

Returns the date after which the client certificate is no longer valid.

Returns: time_at

VALID_NOT_BEFORE

Returns the date before which the client certificate is not valid.

Returns: time_at

VERSION

Returns the version number of the certificate.

If the connection is not SSL-based, returns zero (0).

Returns: num_at
