How to log Client Certificate Common Name

Document ID : KB000005272
Last Modified Date : 14/02/2018
Issue:

Since CA API Gateway 9.0, the logging output of the "Require SSL or TLS Transport with Client Certificate Authentication" assertion has changed. The Client Certificate Common Name (CN) is no longer logged.

In the previous version, 8.4, the logged <certificate CN> was the actual CN of the client certificate. Since version 9.0, the logged CN is that of the client certificate's issuer CA.

Resolution:

Add an audit detail with the value "Found client certificate for user ${request.ssl.clientCertificate.subject.cn}", which logs the actual CN of the client certificate.