The ClientCertificate collection holds fields of keys and values from a security certificate that the client browser passes to the Web server. These fields are specified in the X.509 version 3 standard for public key certificates. Because X.509 is not an official standard, you may notice differences among certificates obtained from certification authorities. For more information, see the X509 Certificate article on the World Wide Web Consortium Web site.
To populate the fields of the ClientCertificate collection, both the Web server and the client browser must support the SSL3.0/PCT1.0 protocol. The Web site must have Secure Sockets Layer (SSL) enabled and must request client certificates. After SSL is enabled, the URL of the Web site starts with "https://" instead of "http://". The client browser must be capable of sending a certificate. If no certificate is sent, the ClientCertificate collection returns EMPTY.
You must configure your Web server to request client certificates.
To read the values in each field of the ClientCertificate collection, pass in a key name and optional subfield name.
Beginning with IIS 6.0, IIS is built in Unicode to provide improved support for international applications. This can affect features such as the Request.ClientCertificate collection. If you are porting code from an older version of IIS, use a custom COM object to convert the public key to ANSI in a return parameter that ASP can then display. For more information about creating COM objects for ASP pages, see Creating COM Components for ASP.
You can iterate through the keys of the ClientCertificate collection, as shown in the following example.
<%
For Each strKey in Request.ClientCertificate
    Response.Write strKey & " = " & Request.ClientCertificate(strKey) & "<BR>"
Next
%>
The following example retrieves the common name of the company that issued the client certificate.
The following example displays the expiration date of the client certificate.
The following example uses the Flags key to test whether the issuer of the certificate is known.
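<%
Const ceCertPresent = 1
Const ceUnrecognizedIssuer = 2
' Flags is a set of bit flags, so test the bit instead of comparing for equality:
' a certificate that is present and has an unknown issuer reports both bits.
If (Request.ClientCertificate("Flags") And ceUnrecognizedIssuer) <> 0 Then
    Response.Write "Unrecognized issuer"
End If
%>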
The following example displays all the fields of a client certificate.
Issuer: <%=Request.ClientCertificate("Issuer")%><br>
Subject: <%=Request.ClientCertificate("Subject")%><br>
<% cer=Request.ClientCertificate("Certificate") %>
Certificate Raw Data: <%=cer%><br>
Certificate length: <%=len(cer)%><br>
Certificate Hex Data:
<% For x=1 To 100 %>
<%=hex(asc(mid(cer,x,1)))%>&nbsp;
<% Next %>
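A fuller check that combines the cases above, as an added example that is not part of the original documentation: it handles the empty collection returned when no certificate is sent, tests Flags as a bit set, and checks the validity window before displaying any field. The IssuerCN, ValidFrom and ValidUntil keys do not appear elsewhere on this page, and CertProblem is a hypothetical helper name.

```vbscript
<%
' Added example (not from the original documentation).
Const ceCertPresent = 1
Const ceUnrecognizedIssuer = 2

' CertProblem is a hypothetical helper: it returns "" when the client
' certificate passes every check, otherwise a short reason string.
Function CertProblem()
    Dim flags, notBefore, notAfter
    CertProblem = ""

    ' With no certificate sent, the fields of the collection are empty.
    If Len(Request.ClientCertificate("Subject")) = 0 Then
        CertProblem = "No client certificate was presented"
        Exit Function
    End If

    ' Flags is a bit set, so test each bit with And.
    flags = Request.ClientCertificate("Flags")
    If (flags And ceCertPresent) = 0 Then
        CertProblem = "Certificate-present flag is not set"
        Exit Function
    End If
    If (flags And ceUnrecognizedIssuer) <> 0 Then
        CertProblem = "Unrecognized issuer"
        Exit Function
    End If

    ' Compare the validity window against the server clock.
    notBefore = CDate(Request.ClientCertificate("ValidFrom"))
    notAfter = CDate(Request.ClientCertificate("ValidUntil"))
    If Now < notBefore Or Now > notAfter Then
        CertProblem = "Certificate is outside its validity period"
    End If
End Function

Dim problem
problem = CertProblem()
If problem <> "" Then
    Response.Status = "403 Forbidden"
    Response.Write Server.HTMLEncode(problem)
    Response.End
End If

' Certificate fields are supplied by the client: encode them before output.
Response.Write "Issuer CN: " & Server.HTMLEncode(CStr(Request.ClientCertificate("IssuerCN"))) & "<BR>"
Response.Write "Valid until: " & Server.HTMLEncode(CStr(Request.ClientCertificate("ValidUntil"))) & "<BR>"
%>
```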
Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.