SongGuess
    Preparing search index...

    Interface IncomingRequestCfPropertiesTLSClientAuth

    Data about the incoming request's TLS certificate

    interface IncomingRequestCfPropertiesTLSClientAuth {
        certChainRFC9440: string;
        certChainRFC9440TooLarge: boolean;
        certFingerprintSHA1: string;
        certFingerprintSHA256: string;
        certIssuerDN: string;
        certIssuerDNLegacy: string;
        certIssuerDNRFC2253: string;
        certIssuerSerial: string;
        certIssuerSKI: string;
        certNotAfter: string;
        certNotBefore: string;
        certPresented: "1";
        certRevoked: "1" | "0";
        certRFC9440: string;
        certRFC9440TooLarge: boolean;
        certSerial: string;
        certSKI: string;
        certSubjectDN: string;
        certSubjectDNLegacy: string;
        certSubjectDNRFC2253: string;
        certVerified:
            | "SUCCESS"
            | "FAILED:self signed certificate"
            | "FAILED:unable to verify the first certificate"
            | "FAILED:certificate is not yet valid"
            | "FAILED:certificate has expired"
            | "FAILED";
    }
    Index

    Properties

    certChainRFC9440 certChainRFC9440TooLarge certFingerprintSHA1 certFingerprintSHA256 certIssuerDN certIssuerDNLegacy certIssuerDNRFC2253 certIssuerSerial certIssuerSKI certNotAfter certNotBefore certPresented certRevoked certRFC9440 certRFC9440TooLarge certSerial certSKI certSubjectDN certSubjectDNLegacy certSubjectDNRFC2253 certVerified

    Properties

    certChainRFC9440: string

    The intermediate certificate chain in RFC 9440 format as a comma-separated list. Empty if no intermediates were sent or if the chain exceeded 16 KB (see certChainRFC9440TooLarge).

    Suitable for forwarding to an origin via the Client-Cert-Chain HTTP header.

    certChainRFC9440TooLarge: boolean

    true if the intermediate chain exceeded 16 KB and was omitted from certChainRFC9440.

    certFingerprintSHA1: string

    The certificate's SHA-1 fingerprint

    "6b9109f323999e52259cda7373ff0b4d26bd232e"
    certFingerprintSHA256: string

    The certificate's SHA-256 fingerprint

    "acf77cf37b4156a2708e34c4eb755f9b5dbbe5ebb55adfec8f11493438d19e6ad3f157f81fa3b98278453d5652b0c1fd1d71e5695ae4d709803a4d3f39de9dea"
    certIssuerDN: string

    The certificate issuer's distinguished name

    "CN=cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"
    certIssuerDNLegacy: string

    The certificate issuer's distinguished name (legacy policies)

    certIssuerDNRFC2253: string

    The certificate issuer's distinguished name (RFC 2253 formatted)

    "CN=cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"
    certIssuerSerial: string

    The certificate issuer's serial number

    "2489002934BDFEA34"
    certIssuerSKI: string

    The certificate issuer's Subject Key Identifier

    "BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4"
    certNotAfter: string

    The effective expiration date of the certificate

    "Dec 22 19:39:00 2018 GMT"
    certNotBefore: string

    The effective starting date of the certificate

    "Dec 22 19:39:00 2018 GMT"
    certPresented: "1"

    Always "1", indicating that the certificate was presented

    certRevoked: "1" | "0"

    The presented certificate's revokation status.

    • A value of "1" indicates the certificate has been revoked
    • A value of "0" indicates the certificate has not been revoked
    certRFC9440: string

    The client leaf certificate in RFC 9440 format (:base64-DER:). Empty if no client certificate was presented or if the leaf certificate exceeded 10 KB (see certRFC9440TooLarge).

    Suitable for forwarding to an origin via the Client-Cert HTTP header.

    certRFC9440TooLarge: boolean

    true if the leaf certificate exceeded 10 KB and was omitted from certRFC9440.

    certSerial: string

    The certificate's serial number

    "00936EACBE07F201DF"
    certSKI: string

    The certificate's Subject Key Identifier

    "BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4"
    certSubjectDN: string

    The certificate subject's distinguished name

    "CN=*.cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"
    certSubjectDNLegacy: string

    The certificate subject's distinguished name (legacy policies)

    certSubjectDNRFC2253: string

    The certificate subject's distinguished name (RFC 2253 formatted)

    "CN=*.cloudflareaccess.com, C=US, ST=Texas, L=Austin, O=Cloudflare"
    certVerified:
        | "SUCCESS"
        | "FAILED:self signed certificate"
        | "FAILED:unable to verify the first certificate"
        | "FAILED:certificate is not yet valid"
        | "FAILED:certificate has expired"
        | "FAILED"

    Result of certificate verification.

    "FAILED:self signed certificate"

    Settings

    Member Visibility

    On This Page

    Properties