Interface IncomingRequestCfPropertiesTLSClientAuth

Data about the incoming request's TLS certificate

interface IncomingRequestCfPropertiesTLSClientAuth {
    certFingerprintSHA1: string;
    certFingerprintSHA256: string;
    certIssuerDN: string;
    certIssuerDNLegacy: string;
    certIssuerDNRFC2253: string;
    certIssuerSKI: string;
    certIssuerSerial: string;
    certNotAfter: string;
    certNotBefore: string;
    certPresented: "1";
    certRevoked: "0" | "1";
    certSKI: string;
    certSerial: string;
    certSubjectDN: string;
    certSubjectDNLegacy: string;
    certSubjectDNRFC2253: string;
    certVerified: "SUCCESS" | "FAILED:self signed certificate" | "FAILED:unable to verify the first certificate" | "FAILED:certificate is not yet valid" | "FAILED:certificate has expired" | "FAILED";
}

Properties

certFingerprintSHA1 certFingerprintSHA256 certIssuerDN certIssuerDNLegacy certIssuerDNRFC2253 certIssuerSKI certIssuerSerial certNotAfter certNotBefore certPresented certRevoked certSKI certSerial certSubjectDN certSubjectDNLegacy certSubjectDNRFC2253 certVerified

Properties

certFingerprintSHA1

certFingerprintSHA1: string

The certificate's SHA-1 fingerprint

Example

"6b9109f323999e52259cda7373ff0b4d26bd232e"

certFingerprintSHA256

certFingerprintSHA256: string

The certificate's SHA-256 fingerprint

Example

"acf77cf37b4156a2708e34c4eb755f9b5dbbe5ebb55adfec8f11493438d19e6ad3f157f81fa3b98278453d5652b0c1fd1d71e5695ae4d709803a4d3f39de9dea"

certIssuerDN

certIssuerDN: string

The certificate issuer's distinguished name

Example

"CN=cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"

certIssuerDNLegacy

certIssuerDNLegacy: string

The certificate issuer's distinguished name (legacy policies)

certIssuerDNRFC2253

certIssuerDNRFC2253: string

The certificate issuer's distinguished name (RFC 2253 formatted)

Example

"CN=cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"

certIssuerSKI

certIssuerSKI: string

The certificate issuer's Subject Key Identifier

Example

"BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4"

certIssuerSerial

certIssuerSerial: string

The certificate issuer's serial number

Example

"2489002934BDFEA34"

certNotAfter

certNotAfter: string

The effective expiration date of the certificate

Example

"Dec 22 19:39:00 2018 GMT"

certNotBefore

certNotBefore: string

The effective starting date of the certificate

Example

"Dec 22 19:39:00 2018 GMT"

certPresented

certPresented: "1"

Always "1", indicating that the certificate was presented

certRevoked

certRevoked: "0" | "1"

The presented certificate's revokation status.

  • A value of "1" indicates the certificate has been revoked
  • A value of "0" indicates the certificate has not been revoked

certSKI

certSKI: string

The certificate's Subject Key Identifier

Example

"BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4"

certSerial

certSerial: string

The certificate's serial number

Example

"00936EACBE07F201DF"

certSubjectDN

certSubjectDN: string

The certificate subject's distinguished name

Example

"CN=*.cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"

certSubjectDNLegacy

certSubjectDNLegacy: string

The certificate subject's distinguished name (legacy policies)

certSubjectDNRFC2253

certSubjectDNRFC2253: string

The certificate subject's distinguished name (RFC 2253 formatted)

Example

"CN=*.cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"

certVerified

certVerified: "SUCCESS" | "FAILED:self signed certificate" | "FAILED:unable to verify the first certificate" | "FAILED:certificate is not yet valid" | "FAILED:certificate has expired" | "FAILED"

Result of certificate verification.

Example

"FAILED:self signed certificate"

Settings

Member Visibility

Theme

On This Page

certFingerprintSHA1certFingerprintSHA256certIssuerDNcertIssuerDNLegacycertIssuerDNRFC2253certIssuerSKIcertIssuerSerialcertNotAftercertNotBeforecertPresentedcertRevokedcertSKIcertSerialcertSubjectDNcertSubjectDNLegacycertSubjectDNRFC2253certVerified