Download full document:

X509_CERTIFICATE_T

X.509 SSL Certificate

This topic lists the expressions that are provided by this class.

AUTH_KEYID

Returns a string containing the Authority Key Identifier extension of the X509 V3 certificate.

Returns: auth_keyid_t

CERT_POLICY

Returns a string containing the client certificate policy. Note that this represents a sequence of certificate policies.

Returns: seq_text_t

DAYS_TO_EXPIRE

Returns the number of days before which the certificate is valid. Returns -1 for expired certificates.

Returns: num_at

EXISTS

Returns TRUE if the client has an SSL client certificate.

Returns: bool_at

ISSUER

Returns the Distinguished Name of the Issuer as a separated Name-Value list using the delimiter '=' to separate name and value and the delimiter '/' to separate name-value pairs. Example: /C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com/CN=www.netscaler.com/[email protected]

Returns: nvlist_t

KEY_USAGE ( key_usage_e k)

Returns a boolean value indicating whether the specified key usage extension bit value in the X509 certificate is set.

Parameters (expressions not allowed):

k - The argument specifies which bit is checked. Valid arguments are: DIGITAL_SIGNATURE. Returns TRUE if the digital signature bit is set; FALSE otherwise. NONREPUDIATION. Returns TRUE if the nonrepudiation bit is set; FALSE otherwise. KEYENCIPHERMENT. Returns TRUE if the key encipherment bit is set; FALSE otherwise. DATAENCIPHERMENT. Returns TRUE if the data encipherment bit is set; FALSE otherwise. KEYAGREEMENT. Returns TRUE if the key agreement bit is set; FALSE otherwise. KEYCERTSIGN. Returns TRUE if the key cert sign bit is set; FALSE otherwise. CRLSIGN. Returns TRUE if the CRL bit is set; FALSE otherwise. ENCIPHERONLY. Returns TRUE if the encipher only bit is set; FALSE otherwise. DECIPHERONLY. Returns TRUE if the decipher only bit is set; FALSE otherwise.

Returns: bool_at

PK_ALGORITHM

Returns the name of the public key algorithm used by the SSL key.

Returns: text_t

PK_SIZE

Returns the size of the public key used in the certificate.

Returns: num_at

SERIALNUMBER

Returns the serial number of the client certificate. In the case of non-SSL transaction or error in certificate, returns an empty string.

Returns: text_t

SIGNATURE_ALGORITHM

Returns the name of the cryptographic algorithm used by the CA to sign this certificate.

Returns: text_t

SUBJECT

Returns the Distinguished Name of the Issuer as a separated Name-Value list using the delimiter '=' to separate name and value and the delimiter '/' to separate name-value pairs. Example: /C=IN/ST=KA/L=BLR/O=Netscaler Pvt Ltd/OU=www.netscaler.com/CN=www.netscaler.com/[email protected]

Returns: nvlist_t

SUBJECT_KEYID

Returns the Subject KeyID of the client certificate, if one exists. If there is no Subject KeyID, returns a zero-length text object.

Returns: text_t

TO_PEM

Returns the SSL certificate in binary format

Returns: text_t

VALID_NOT_AFTER

Returns the date after which the client certificate is no longer valid.

Returns: time_at

VALID_NOT_BEFORE

Returns the date before which the client certificate is not valid.

Returns: time_at

VERSION

Returns the version number of the certificate. If the connection is not SSL-based, returns zero (0).

Returns: num_at