ADC Advanced Policy Expressions

X509_CERTIFICATE_T


X.509 SSL Certificate

This topic lists the expressions that are provided by this class.

  • AUTH_KEYID

    Returns a string containing the Authority Key Identifier extension of the X509 V3 certificate.

Returns: auth_keyid_t

  • CERT_POLICY

    Returns a string containing the client certificate policy. Note that this represents a sequence of certificate policies.

Returns: seq_text_t

  • DAYS_TO_EXPIRE

    Returns the number of days remaining before the certificate expires. Returns -1 for expired certificates.

Returns: num_at

  • EXISTS

    Returns TRUE if the client has an SSL client certificate.

Returns: bool_at

  • ISSUER

    Returns the Distinguished Name of the Issuer as a separated Name-Value list using the delimiter '=' to separate name and value and the delimiter '/' to separate name-value pairs. Example: /C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com/CN=www.netscaler.com/emailAddress=ns@ns.co

Returns: nvlist_t

  • IS_VALID

    Returns true if and only if the client certificate is valid.

Returns: bool_at

  • KEY_USAGE (key_usage_e k)

    Returns a boolean value indicating whether the specified key usage extension bit value in the X509 certificate is set.

    Parameters (expressions not allowed):

    k - Specifies which bit is checked. Valid arguments are:

      • DIGITAL_SIGNATURE. Returns TRUE if the digital signature bit is set; FALSE otherwise.
      • NONREPUDIATION. Returns TRUE if the nonrepudiation bit is set; FALSE otherwise.
      • KEYENCIPHERMENT. Returns TRUE if the key encipherment bit is set; FALSE otherwise.
      • DATAENCIPHERMENT. Returns TRUE if the data encipherment bit is set; FALSE otherwise.
      • KEYAGREEMENT. Returns TRUE if the key agreement bit is set; FALSE otherwise.
      • KEYCERTSIGN. Returns TRUE if the key cert sign bit is set; FALSE otherwise.
      • CRLSIGN. Returns TRUE if the CRL sign bit is set; FALSE otherwise.
      • ENCIPHERONLY. Returns TRUE if the encipher only bit is set; FALSE otherwise.
      • DECIPHERONLY. Returns TRUE if the decipher only bit is set; FALSE otherwise.

Returns: bool_at

  • PK_ALGORITHM

    Returns the name of the public key algorithm used by the SSL key.

Returns: text_t

  • PK_SIZE

    Returns the size of the public key used in the certificate.

Returns: num_at

  • SERIALNUMBER

    Returns the serial number of the client certificate. For a non-SSL transaction or a certificate error, returns an empty string.

Returns: text_t

  • SIGNATURE_ALGORITHM

    Returns the name of the cryptographic algorithm used by the CA to sign this certificate.

Returns: text_t

  • SUBJECT

    Returns the Distinguished Name of the Subject as a separated Name-Value list using the delimiter '=' to separate name and value and the delimiter '/' to separate name-value pairs. Example: /C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com/CN=www.netscaler.com/emailAddress=ns@ns.co

Returns: nvlist_t

  • SUBJECT_KEYID

    Returns the Subject KeyID of the client certificate, if one exists. If there is no Subject KeyID, returns a zero-length text object.

Returns: text_t

  • TO_PEM

    Returns the SSL certificate in binary format.

Returns: text_t

  • VALID_NOT_AFTER

    Returns the date after which the client certificate is no longer valid.

Returns: time_at

  • VALID_NOT_BEFORE

    Returns the date before which the client certificate is not valid.

Returns: time_at

  • VERSION

    Returns the version number of the certificate. If the connection is not SSL-based, returns zero (0).

Returns: num_at
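The bits that KEY_USAGE tests are carried in the certificate's KeyUsage extension as a DER BIT STRING. The following added example (not code from this documentation or from the product) decodes that encoding into the argument names listed above, using the bit numbering of RFC 5280 section 4.2.1.3. The sample byte strings are constructed, and the rule in client_cert_findings (require DIGITAL_SIGNATURE, flag CA bits) is an assumed policy for client-authentication certificates.

```python
# Added example, not product code. Bit positions follow RFC 5280 4.2.1.3;
# the names are the KEY_USAGE arguments listed on this page.
KEY_USAGE_BITS = [
    "DIGITAL_SIGNATURE", "NONREPUDIATION", "KEYENCIPHERMENT",
    "DATAENCIPHERMENT", "KEYAGREEMENT", "KEYCERTSIGN",
    "CRLSIGN", "ENCIPHERONLY", "DECIPHERONLY",
]


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (the KeyUsage extension value) to flag names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with at least one data octet")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match the data")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    # DER requires the unused low bits of the last octet to be zero.
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero padding bits")
    total_bits = len(payload) * 8 - unused
    flags = set()
    # Bit 0 is the most significant bit of the first payload octet.
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):
            flags.add(KEY_USAGE_BITS[i])
    return flags


def client_cert_findings(der: bytes) -> list:
    """Assumed policy: a client certificate signs, and is not a CA."""
    flags = decode_key_usage(der)
    findings = []
    if "DIGITAL_SIGNATURE" not in flags:
        findings.append("missing DIGITAL_SIGNATURE")
    for ca_bit in ("KEYCERTSIGN", "CRLSIGN"):
        if ca_bit in flags:
            findings.append("unexpected " + ca_bit)
    return findings


if __name__ == "__main__":
    # Constructed sample values: end-entity, CA, and a two-octet encoding.
    for sample in ("030205a0", "03020106", "0303070880"):
        der = bytes.fromhex(sample)
        print(sample, sorted(decode_key_usage(der)), client_cert_findings(der))
```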
