How to log Client Certificate Common Name

Document ID : KB000005272
Last Modified Date : 26/09/2018
Show Technical Document Details

Since CA API Gateway 9.0, the logging output of the "Require SSL or TLS Transport with Client Certificate Authentication" assertion has been changed. The Client Certificate Common Name (CN) is not logged anymore.

Previous Version 8.4 <certificate CN> was the actual CN of the Client Certificate. Since Version 9.0 the logged CN is from the client certificates issuer CA. 


Please use an "Add Audit Details" assertion that has the value "Found client certificate for user ${}" which will log the actual CN of the Client Certificate.