dubey/WindowsXP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WindowsXP/inetsrv/iis/img/help/iisnts/htm/asp/vbob8q5h.htm
Tanishq Dubey cb60ae51e5
Initial Commit
2025-04-27 07:49:33 -04:00

235 lines
9.6 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<TITLE>ClientCertificate</TITLE>
<SCRIPT LANGUAGE="JavaScript">
<!--
TempString = navigator.appVersion
if (navigator.appName == "Microsoft Internet Explorer"){
// Check to see if browser is Microsoft
if (TempString.indexOf ("4.") >= 0){
// Check to see if it is IE 4
document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/coua.css">');
}
else {
document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/cocss.css">');
}
}
else if (navigator.appName == "Netscape") {
// Check to see if browser is Netscape
document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/coua.css">');
}
else
document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/cocss.css">');
//-->
</script>
<SCRIPT LANGUAGE="VBScript">
<!--
Sub Window_OnLoad()
Dim frmContents
On Error Resume Next
If Not Parent Is Nothing Then
Set frmContents = Parent.Contents
If Not frmContents Is Nothing Then
frmContents.Window.TOCSynch_Click
End If
End If
End Sub
//--></SCRIPT><META NAME="DESCRIPTION" CONTENT="Internet Information Services reference information">
<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "<http://www.rsac.org/ratingsv01.html>" l comment "RSACi North America Server" by "inet@microsoft.com <mailto:inet@microsoft.com>" r (n 0 s 0 v 0 l 0))'>
<META NAME="MS.LOCALE" CONTENT="EN-US">
<META NAME="MS-IT-LOC" Content="Internet Information Services">
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H4><A NAME="_clientcertificate"></A><SUP></SUP>ClientCertificate</H4>
<P>The <B>ClientCertificate</B> collection holds fields of keys and values from a security certificate that the client browser passes to the Web server. These fields are specified in the X.509 version 3 standard for public key certificates. Because X.509 is not an official standard, you may notice differences among certificates obtained from certificate authorities. See <a href="http://www.microsoft.com/isapi/redir.dll?prd=external&sbp=W3org&pver=1.0&ar=specs" target=_blank><b><span class=le>World Wide Web Consortium Web site</span></b></a> for an article titled <B>X509 Certificate</B>.</P>
<P>In order to populate the fields of the <B>ClientCertificate</B> collection, both the Web server and the client browser must support the SSL3.0/PCT1.0 protocol. The Web site must have SSL enabled and request client certificates. Once SSL is enabled, the URL of the Web site will start with "https://" instead of "http://". The client browser must be capable of sending a certificate. If no certificate is sent, the <B>ClientCertificate</B> collection returns EMPTY.</P>
<P>To configure your Web server to request client certificates, see <A HREF="../core/iisslsc.htm">Setting Up SSL on Your Server</A>. </P>
<P>To read the values in each field of the <B>ClientCertificate</B> collection, pass in a key name and optional subfield name.</P>
<H6>Syntax</H6>
<P><B>Request.ClientCertificate(</B> <I>Key</I>[<I>SubField</I>] <B>)</B></P>
<P><B>&nbsp;</B></P>
<H6>Parameters</H6>
<DL>
<DT><I>Key</I></DT>
<DD>Specifies the name of the certification field to retrieve. A client certificate consists of the following fields.
<TABLE border=0 cellpadding=5 cols=2 frame=box rules=all>
<TR VALIGN="top">
<TD class=blue width=22%><B>Value</B></TD>
<TD class=blue width=78%><B>Meaning</B></TD>
</TR>
<TR VALIGN="top">
<TD width=22%>Certificate</TD>
<TD width=78%>A string containing the binary stream of the entire certificate content in ASN.1 format. This is useful to discover if special <I>SubFields</I> are present that are not listed below.</TD>
</TR>
<TR VALIGN="top">
<TD width=22%>Flags</TD>
<TD width=78%>A set of flags that provide additional client certificate information. If Flags is set to 1, a client certificate is present. If Flags is set to 2, the last certificate in this chain is from an unknown issuer.</TD>
</TR>
<TR VALIGN="top">
<TD width=22%>Issuer</TD>
<TD width=78%>A string that contains a list of subfield values containing information about the issuer of the certificate. If this value is specified without a <I>SubField</I>, the <B>ClientCertificate</B> collection returns a comma-separated list of subfields. For example, C=US, O=Verisign, and so on.</TD>
</TR>
<TR VALIGN="top">
<TD width=22%>SerialNumber</TD>
<TD width=78%>A string that contains the certification serial number as an ASCII representation of hexadecimal bytes separated by hyphens (-). For example, 04-67-F3-02.</TD>
</TR>
<TR VALIGN="top">
<TD width=22%>Subject</TD>
<TD width=78%>A string that contains a list of subfield values. The subfield values contain information about the subject of the certificate. If this value is specified without a <I>SubField</I>, the <B>ClientCertificate</B> collection returns a comma-separated list of subfields. For example, C=US, O=Msft, and so on.</TD>
</TR>
<TR VALIGN="top">
<TD width=22%>ValidFrom</TD>
<TD width=78%>A date specifying when the certificate becomes valid. This date follows VBScript format and varies with international settings. For example, in the U.S., 9/26/96 11:59:59 <SMALL>PM.</SMALL> The year value is displayed as a four-digit number.</TD>
</TR>
<TR VALIGN="top">
<TD width=22%>ValidUntil</TD>
<TD width=78%>A date specifying when the certificate expires. The year value is displayed as a four-digit number.</TD>
</TR>
</TABLE><BR>
<BR>
</DD>
<DT><I>SubField</I></DT>
<DD>An optional parameter you can use to a retrieve an individual field in either the Subject or Issuer keys. This parameter is added to the <I>Key </I>parameter as a suffix. For example, IssuerO or SubjectCN. The following table lists some common S<I>ubField</I> values.
<TABLE border=0 cellpadding=5 cols=2 frame=box rules=all>
<TR VALIGN="top">
<TD class=blue width=18%><B>Value</B></TD>
<TD class=blue width=82%><B>Meaning</B></TD>
</TR>
<TR VALIGN="top">
<TD width=18%>C</TD>
<TD width=82%>Specifies the name of the country/region of origin. </TD>
</TR>
<TR VALIGN="top">
<TD width=18%>CN</TD>
<TD width=82%>Specifies the common name of the user. (This subfield is only used with the Subject key.)</TD>
</TR>
<TR VALIGN="top">
<TD width=18%>GN</TD>
<TD width=82%>Specifies a given name.</TD>
</TR>
<TR VALIGN="top">
<TD width=18%>I</TD>
<TD width=82%>Specifies a set of initials.</TD>
</TR>
<TR VALIGN="top">
<TD width=18%>L</TD>
<TD width=82%>Specifies a locality.</TD>
</TR>
<TR VALIGN="top">
<TD width=18%>O</TD>
<TD width=82%>Specifies the company or organization name. </TD>
</TR>
<TR VALIGN="top">
<TD width=18%>OU</TD>
<TD width=82%>Specifies the name of the organizational unit.</TD>
</TR>
<TR VALIGN="top">
<TD width=18%>S</TD>
<TD width=82%>Specifies a state or province.</TD>
</TR>
<TR VALIGN="top">
<TD width=18%>T</TD>
<TD width=82%>Specifies the title of the person or organization.</TD>
</TR>
</TABLE><BR>
<P><I>SubField </I>values other than those listed in the preceding table can be identified by their ASN.1 Object Identifier (OID). The format of the OID is a list of numbers separated by a period (.). A list of OIDs for your certificate can be obtained from the authority that issued your certificate.
</DD>
</DL>
<H6>Example</H6>
<P>You can iterate through the keys of the <B>ClientCertificate</B> collection. This is demonstrated in the following example.</P>
<PRE><CODE>&lt;%
For Each strKey in Request.ClientCertificate
Response.Write strkey &amp; " = " &amp; Request.ClientCertificate(strkey) &amp; "&lt;BR&gt;"
Next
%&gt;
</CODE></PRE>
<P>The following example retrieves the common name of the company that issued the client certificate.</P>
<PRE><CODE>&lt;%= Request.ClientCertificate("IssuerCN") %&gt;
</CODE></PRE>
<P>The following example displays the expiration date of the client certificate.</P>
<PRE><CODE>This certification will expire on
&lt;%= Request.ClientCertificate("ValidUntil") %&gt;
The following example uses the Flags key to test whether the issuer of the certificate is known.
&lt;%
Const ceCertPresent = 1
Const ceUnrecognizedIssuer = 2
If Request.ClientCertificate("Flags") = ceUnrecognizedIssuer Then
Response.Write "Unrecognized issuer"
End If
%&gt;
</CODE></PRE>
<P>The following example displays all the fields of a client certificate.</P>
<PRE><CODE>Issuer: &lt;%=Request.ClientCertificate("Issuer")%&gt;&lt;br&gt;
Subject: &lt;%=Request.ClientCertificate("Subject")%&gt;&lt;br&gt;
&lt;% cer=Request.ClientCertificate("Certificate") %&gt;
Certificate Raw Data: &lt;%=cer%&gt;&lt;br&gt;
Certificate length: &lt;%=len(cer)%&gt;&lt;br&gt;
Certificate Hex Data:
&lt;% For x=1 To 100 %&gt;
&lt;%=hex(asc(mid(cer,x,1)))%&gt;&amp;nbsp;
&lt;% Next %&gt;
</CODE></PRE>
<H6>Applies To</H6>
<P><A HREF="/iishelp/iis/htm/asp/vbob5ulw.htm"><B>Request</B> Object</A> </P>
<H6>See Also</H6>
<P><A HREF="/iishelp/iis/htm/asp/vbob0z3o.htm"><B>Cookies</B></A>, <A HREF="/iishelp/iis/htm/asp/vbob4fl9.htm"><B>Form</B></A>, <A HREF="/iishelp/iis/htm/asp/vbob53hj.htm"><B>QueryString</B></A>, <A HREF="/iishelp/iis/htm/asp/vbob5vsj.htm"><B>ServerVariables</B></A>, <a href="http://www.microsoft.com/isapi/redir.dll?prd=msdn&sbp=workshop&pver=6.0&ar=web&sba=security" target=_blank><b><span class=le>Security and Cryptography</span></b></a>.</P>
<hr class="iis" size="1">
<p align="center"><em><a href="../../../common/colegal.htm">&copy; 1997-2001 Microsoft Corporation. All rights reserved.</a></em></p>
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink