How to log Client Certificate Common Name

Article ID: 5272

Products

CA API Gateway

Issue/Introduction

Since CA API Gateway 9.0, the logging output of the "Require SSL or TLS Transport with Client Certificate Authentication" assertion has changed. The Client Certificate Common Name (CN) is no longer logged.

In the previous version, 8.4, the logged <certificate CN> was the actual CN of the Client Certificate. Since version 9.0, the logged CN is that of the client certificate's issuer CA.

Environment

Release:
Component: APIESM

Resolution

Use an "Add Audit Details" assertion with the value "Found client certificate for user ${request.ssl.clientCertificate.subject.cn}", which logs the actual CN of the Client Certificate.
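
To confirm after the change that the audit detail records the client's own CN and not the issuer's, the logged value can be compared against the subject and issuer DNs of a known test certificate. The following is an added example, not code from the product or its vendor; the DN strings and audit lines are constructed samples, and the DNs are assumed to be in RFC 4514 string form.

```python
import re

# Message text taken from the article's "Add Audit Details" value, with the
# context variable replaced by a capture group.
AUDIT_RE = re.compile(r"Found client certificate for user (?P<cn>.+)$")

def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair together
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def common_name(dn):
    """Return the first CN value of an RFC 4514 DN string, or None.
    Handles single-character escapes (\\,) and multi-valued RDNs (+);
    hex-pair escapes such as \\2C are not decoded."""
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            key, _, value = ava.strip().partition("=")
            if key.strip().upper() == "CN":
                return re.sub(r"\\(.)", r"\1", value.strip())
    return None

def classify(audit_line, subject_dn, issuer_dn):
    """Say whose CN an audit line carries: 'subject', 'issuer', 'unknown',
    or 'no-match' when the line is not the audit detail message."""
    m = AUDIT_RE.search(audit_line)
    if not m:
        return "no-match"
    logged = m.group("cn").strip()
    if logged == common_name(subject_dn):
        return "subject"
    if logged == common_name(issuer_dn):
        return "issuer"
    return "unknown"

# Constructed sample DNs for a test client certificate and its issuing CA.
SUBJECT = r"CN=orders-client\, EU,OU=Integration,O=Example Corp"
ISSUER = "CN=Example Issuing CA,O=Example Corp"
```

A result of `issuer` for a line produced by the test certificate means the logged value still identifies only the CA, so individual clients cannot be told apart in the audit trail.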