ADC

Expressions for SSL certificate dates

You can determine the validity period for SSL certificates by configuring an expression that contains the following prefix:

CLIENT.SSL.CLIENT_CERT

The following example expression matches a particular time for expiration with the information in the certificate:

client.ssl.client_cert.valid_not_after.eq(GMT 2009)

The following table describes time-based operations on SSL certificates. To obtain the expression you want, replace certificate in the expression in the first column with the prefix expression, “CLIENT.SSL.CLIENT_CERT”.

  • <certificate>.VALID_NOT_AFTER:

    Returns the last day before certificate expiration. The return format is the number of seconds since GMT January 1, 1970 (0 hours, 0 minutes, 0 seconds).

  • <certificate>.VALID_NOT_AFTER.BETWEEN(<time1>, <time2>):

    Returns a Boolean TRUE value if the certificate validity is between the <time1> and <time2> arguments. Both <time1> and <time2> must be fully specified. Following are examples:

    GMT 1995 Jan is fully specified.

    GMT Jan is not fully specified

    GMT 1995 20 is not fully specified.

    GMT Jan Mon_2 is not fully specified.

    The <time1> and <time2> arguments must be both GMT or both LOCAL, and <time2> must be greater than <time1>.

    For example, if it is GMT 2005 May 1 10h 15m 30s, and the first Sunday of the month, you can specify the following (evaluation results are in parentheses).

    • . . .between(GMT 2004, GMT 2006) (TRUE)
    • . . .between(GMT 2004 Jan, GMT 2006 Nov) (TRUE)
    • . . .between(GMT 2004 Jan, GMT 2006) (TRUE)
    • . . .between(GMT 2005 May Sun_1, GMT 2005 May Sun_3) (TRUE)
    • . . .between(GMT 2005 May 1, GMT May 2005 1) (TRUE)
    • . . .between(LOCAL 2005 May 1, LOCAL May 2005 1) (TRUE or FALSE, depending on the Citrix ADC system time zone.)
  • <certificate>.VALID_NOT_AFTER.DAY:

    Extracts the last day of the month that the certificate is valid, and returns a number from 1 through 31, as appropriate for the date.

  • <certificate>.VALID_NOT_AFTER.EQ(<time>):

    Returns a Boolean TRUE if the time is equal to the <time> argument.

    For example, if the current time is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month, you can specify the following (evaluation results for this example are in parentheses):

    • . . .eq(GMT 2005) (TRUE)
    • . . .eq(GMT 2005 Dec) (FALSE)
    • . . .eq(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone)
    • . . .eq(GMT 10h) (TRUE)
    • . . .eq(GMT 10h 30s) (TRUE)
    • . . .eq(GMT May 10h) (TRUE)
    • . . .eq(GMT Sun) (TRUE)
    • . . .eq(GMT May Sun_1) (TRUE)
  • <certificate>.VALID_NOT_AFTER.GE(<time>):

    Returns a Boolean TRUE if the time value is greater than or equal to the argument <time>.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .ge(GMT 2004) (TRUE)
    • . . .ge(GMT 2005 Jan) (TRUE)
    • . . .ge(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .ge(GMT 8h) (TRUE)
    • . . .ge(GMT 30m) (FALSE)
    • . . .ge(GMT May 10h) (TRUE)
    • . . .ge(GMT May 10h 0m) (TRUE)
    • . . .ge(GMT Sun) (TRUE)
    • . . .ge(GMT May Sun_1) (TRUE)
  • <certificate>.VALID_NOT_AFTER.GT(<time>):

    Returns a Boolean TRUE if the time value is greater than the argument <time>.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .gt(GMT 2004) (TRUE)
    • . . .gt(GMT 2005 Jan) (TRUE)
    • . . .gt(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .gt(GMT 8h) (TRUE)
    • . . .gt(GMT 30m) (FALSE)
    • . . .gt(GMT May 10h) (FALSE)
    • . . .gt(GMT Sun) (FALSE)
    • . . .gt(GMT May Sun_1) (FALSE)
  • <certificate>.VALID_NOT_AFTER.HOURS:

    Extracts the last hour that the certificate is valid and returns that value as an integer from 0 to 23.

  • <certificate>.VALID_NOT_AFTER.LE(<time>):

    Returns a Boolean TRUE if the time precedes or is equal to the <time> argument.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .le(GMT 2006) (TRUE)
    • . . .le(GMT 2005 Dec) (TRUE)
    • . . .le(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .le(GMT 8h) (FALSE)
    • . . .le(GMT 30m) (TRUE)
    • . . .le(GMT May 10h) (TRUE)
    • . . .le(GMT Jun 11h) (TRUE)
    • . . .le(GMT Wed) (TRUE)
    • . . .le(GMT May Sun_1) (TRUE)
  • <certificate>.VALID_NOT_AFTER.LT(<time>):

    Returns a Boolean TRUE if the time precedes the <time> argument.

    For example, if the current time is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month, you can specify the following:

    • . . .lt(GMT 2006) (TRUE)
    • . . .lt(GMT 2005 Dec) (TRUE)
    • . . .lt(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .lt(GMT 8h) (FALSE)
    • . . .lt(GMT 30m) (TRUE)
    • . . .lt(GMT May 10h) (FALSE)
    • . . .lt(GMT Jun 11h) (TRUE)
    • . . .lt(GMT Wed) (TRUE)
    • . . .lt(GMT May Sun_1) (FALSE)
  • <certificate>.VALID_NOT_AFTER.MINUTES:

    Extracts the last minute that the certificate is valid and returns that value as an integer from 0 to 59.

  • <certificate>.VALID_NOT_AFTER.MONTH:

    Extracts the last month that the certificate is valid and returns that value as an integer from 1 (January) to 12 (December).

  • <certificate>.VALID_NOT_AFTER.RELATIVE_BOOT:

    Calculates the number of seconds to the closest previous or scheduled reboot and returns an integer. If the closest boot time is in the past, the integer is negative. If it is in the future, the integer is positive.

  • <certificate>.VALID_NOT_AFTER.RELATIVE_NOW;

    Calculates the number of seconds between the current system time and the specified time and returns an integer. If the time is in the past, the integer is negative; if it is in the future, the integer is positive.

  • <certificate>.VALID_NOT_AFTER.SECONDS:

    Extracts the last second that the certificate is valid and returns that value as an integer from 0 to 59.

  • <certificate>.VALID_NOT_AFTER.WEEKDAY:

    Extracts the last weekday that the certificate is valid. Returns a number between 0 (Sunday) and 6 (Saturday) to give the weekday in the time value.

  • <certificate>.VALID_NOT_AFTER.WITHIN(<time1>, <time2>):

    Returns a Boolean TRUE if the time lies within all the ranges defined by the elements in <time1> and <time2>.

    If you omit an element of time from <time1>, it is assumed to have the lowest value in its range. If you omit an element from <time2>, it is assumed to have the highest value of its range. If you specify a year in <time1>, you must specify it in <time2>.

    The ranges for elements of time are as follows: month 1-12, day 1-31, weekday 0-6, hour 0-23, minutes 0-59 and seconds 0-59. For the result to be TRUE, each element in the time must exist in the corresponding range that you specify in <time1>, <time2>.

    For example, if time is GMT 2005 May 10 10h 15m 30s, and it is the second Tuesday of the month, you can specify the following (evaluation results are in parentheses):

    • . . .within(GMT 2004, GMT 2006) (TRUE)
    • . . .within(GMT 2004 Jan, GMT 2006 Mar) (FALSE, May is not in the range of January to March.)
    • . . .within(GMT Feb, GMT) (TRUE, May is in the range for February to December)
    • . . .within(GMT Sun_1, GMT Sun_3) (TRUE, the second Tuesday lies within the range of the first Sunday through the third Sunday)
    • . . .within(GMT 2005 May 1 10h, GMT May 2005 1 17h) (TRUE)
    • . . .within(LOCAL 2005 May 1, LOCAL May 2005 1) (TRUE or FALSE, depending on the Citrix ADC system time zone)
  • <certificate>.VALID_NOT_AFTER.YEAR:

    Extracts the last year that the certificate is valid and returns a four-digit integer.

  • <certificate>.VALID_NOT_BEFORE:

    Returns the date that the client certificate becomes valid.

    The return format is the number of seconds since GMT January 1, 1970 (0 hours, 0 minutes, 0 seconds).

  • <certificate>.VALID_NOT_BEFORE.BETWEEN(<time1>, <time2>):

    Returns a Boolean TRUE if the time value is between the two time arguments. Both <time1> and <time2> arguments must be fully specified.

    Following are examples:

    GMT 1995 Jan is fully specified. GMT Jan is not fully specified. GMT 1995 20 is not fully specified. GMT Jan Mon_2 is not fully specified. The time arguments must be both GMT or both LOCAL, and <time2> must be greater than <time1>.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .between(GMT 2004, GMT 2006) (TRUE)
    • . . .between(GMT 2004 Jan, GMT 2006 Nov) (TRUE)
    • . . .between(GMT 2004 Jan, GMT 2006) (TRUE)
    • . . .between(GMT 2005 May Sun_1, GMT 2005 May Sun_3) (TRUE)
    • . . .between(GMT 2005 May 1, GMT May 2005 1) (TRUE)
    • . . .between(LOCAL 2005 May 1, LOCAL May 2005 1) (TRUE or FALSE, depending on the Citrix ADC system time zone.)
  • <certificate>.VALID_NOT_BEFORE.DAY:

    Extracts the last day of the month that the certificate is valid and returns that value as a number from 1 through 31 representing that day.

  • <certificate>.VALID_NOT_BEFORE.EQ(<time>):

    Returns a Boolean TRUE if the time is equal to the <time> argument.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .eq(GMT 2005) (TRUE)
    • . . .eq(GMT 2005 Dec) (FALSE)
    • . . .eq(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .eq(GMT 10h) (TRUE)
    • . . .eq(GMT 10h 30s) (TRUE)
    • . . .eq(GMT May 10h) (TRUE)
    • . . .eq(GMT Sun) (TRUE)
    • . . .eq(GMT May Sun_1) (TRUE)
  • <certificate>.VALID_NOT_BEFORE.GE(<time>):

    Returns a Boolean TRUE if the time is greater than (after) or equal to the <time> argument.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results are in parentheses):

    • . . .ge(GMT 2004) (TRUE)
    • . . .ge(GMT 2005 Jan) (TRUE)
    • . . .ge(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .ge(GMT 8h) (TRUE)
    • . . .ge(GMT 30m) (FALSE)
    • . . .ge(GMT May 10h) (TRUE)
    • . . .ge(GMT May 10h 0m) (TRUE)
    • . . .ge(GMT Sun) (TRUE)
    • . . .ge(GMT May Sun_1) (TRUE)
  • <certificate>.VALID_NOT_BEFORE.GT(<time>):

    Returns a Boolean TRUE if the time occurs after the <time> argument.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results are in parentheses):

    • . . .gt(GMT 2004) (TRUE)
    • . . .gt(GMT 2005 Jan) (TRUE)
    • . . .gt(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .gt(GMT 8h) (TRUE)
    • . . .gt(GMT 30m) (FALSE)
    • . . .gt(GMT May 10h) (FALSE)
    • . . .gt(GMT May 10h 0m) (TRUE)
    • . . .gt(GMT Sun) (FALSE)
    • . . .gt(GMT May Sun_1) (FALSE)
  • <certificate>.VALID_NOT_BEFORE.HOURS:

    Extracts the last hour that the certificate is valid and returns that value as an integer from 0 to 23.

  • **<certificate>.VALID_NOT_BEFORE.LE(<time>)

    Returns a Boolean TRUE if the time precedes or is equal to the <time> argument.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .le(GMT 2006) (TRUE)
    • . . .le(GMT 2005 Dec) (TRUE)
    • . . .le(LOCAL 2005 May) (TRUE or FALSE,depending on the current time zone.)
    • . . .le(GMT 8h) (FALSE) . - . .le(GMT 30m) (TRUE)
    • . . .le(GMT May 10h) (TRUE)
    • . . .le(GMT Jun 11h) (TRUE)
    • . . .le(GMT Wed) (TRUE)
    • . . .le(GMT May Sun_1) (TRUE)
  • <certificate>.VALID_NOT_BEFORE.LT(<time>):

    Returns a Boolean TRUE if the time precedes the <time> argument.

    For example, if the time value is GMT 2005 May 1 10h 15m 30s, and it is the first Sunday of the month of May in 2005, you can specify the following (evaluation results for this example are in parentheses):

    • . . .lt(GMT 2006) (TRUE)
    • . . .lt(GMT 2005 Dec) (TRUE)
    • . . .lt(LOCAL 2005 May) (TRUE or FALSE, depending on the current time zone.)
    • . . .lt(GMT 8h) (FALSE)
    • . . .lt(GMT 30m) (TRUE)
    • . . .lt(GMT May 10h) (FALSE)
    • . . .lt(GMT Jun 11h) (TRUE)
    • . . .lt(GMT Wed) (TRUE)
    • . . .lt(GMT May Sun_1) (FALSE)
  • <certificate>.VALID_NOT_BEFORE.MINUTES:

    Extracts the last minute that the certificate is valid. Returns the current minute as an integer from 0 to 59.

  • <certificate>.VALID_NOT_BEFORE.MONTH:

    Extracts the last month that the certificate is valid. Returns the current month as an integer from 1 (January) to 12 (December).

  • <certificate>.VALID_NOT_BEFORE.RELATIVE_BOOT:

    Calculates the number of seconds to the closest previous or scheduled Citrix ADC reboot and returns an integer. If the closest boot time is in the past, the integer is negative; if it is in the future, the integer is positive.

  • <certificate>.VALID_NOT_BEFORE.RELATIVE_NOW:

    Returns the number of seconds between the current Citrix ADC system time and the specified time as an integer. If the designated time is in the past, the integer is negative. If it is in the future, the integer is positive.

  • <certificate>.VALID_NOT_BEFORE.SECONDS:

    Extracts the last second that the certificate is valid. Returns the current second as an integer from 0 to 59.

  • <certificate>.VALID_NOT_BEFORE.WEEKDAY:

    Extracts the last weekday that the certificate is valid. Returns the weekday as a number between 0 (Sunday) and 6 (Saturday).

  • <certificate>.VALID_NOT_BEFORE.WITHIN(<time1>, <time2>):

    Returns a Boolean TRUE if each element of time exists within the range defined in the <time1>, <time2> arguments.

    If you omit an element of time from <time1>, it is assumed to have the lowest value in its range. If you omit an element of time from <time2>, it is assumed to have the highest value in its range. If you specify a year in <time1>, it must be specified in <time2>. The ranges for elements of time are as follows: month 1-12, day 1-31, weekday 0-6, hour 0-23, minutes 0-59 and seconds 0-59.

    For example, if the time is GMT 2005 May 10 10h 15m 30s, and it is the second Tuesday of the month, you can specify the following (evaluation results are in parentheses):

    • . . .within(GMT 2004, GMT 2006) (TRUE)
    • . . .within(GMT 2004 Jan, GMT 2006 Mar) (FALSE, May is not in the range of January to March.)
    • . . .within(GMT Feb, GMT) (TRUE, May is in the range of February to December.)
    • . . .within(GMT Sun_1, GMT Sun_3) (TRUE, the second Tuesday is between the first Sunday and the third Sunday.)
    • . . .within(GMT 2005 May 1 10h, GMT May 2005 1 17h) (TRUE)
    • . . .within(LOCAL 2005 May 1, LOCAL May 2005 1) (TRUE or FALSE, depending on the Citrix ADC system time zone)
  • <certificate>.VALID_NOT_BEFORE.YEAR:

    Extracts the last year that the certificate is valid. Returns the current year as a four-digit integer.

Expressions for SSL certificate dates