please dont rip this site
Platform SDK: IIS SDK
      [IIS 5.0] [IIS 5.1] [IIS 6.0]

Request.ClientCertificate Collection

The ClientCertificate collection holds fields of keys and values from a security certificate that the client browser passes to the Web server. These fields are specified in the X.509 version 3 standard for public key certificates. Because X.509 is not an official standard, you may notice differences among certificates obtained from certification authorities. For more information, see the X509 Certificate article on the World Wide Web Consortium Web site.

In order to populate the fields of the ClientCertificate collection, both the Web server and the client browser must support the SSL3.0/PCT1.0 protocol. The Web site must have secure sockets layer (SSL) enabled and request client certificates. After SSL is enabled, the URL of the Web site will start with "https://" instead of "http://". The client browser must be capable of sending a certificate. If no certificate is sent, the ClientCertificate collection returns EMPTY.

You must configure your Web server to request client certificates.

To read the values in each field of the ClientCertificate collection, pass in a key name and optional subfield name.

As a security precaution, always encode certificate data (or any request data) before using it. A general method of encoding data is to use Server.HTMLEncode. Another method is to write a short function that tests request data for invalid characters. More information can be found by reading chapter 12 of Writing Secure Code, and using Checklist: ASP Security when you create your ASP applications.


Request.ClientCertificate( Key[SubField] )


Specifies the name of the certification field to retrieve. A client certificate consists of the following fields.
Value Meaning
Certificate A string containing the binary stream of the entire certificate content in ASN.1 format. This is useful to discover if special SubFields are present that are not listed below.
Flags A set of flags that provides additional client certificate information. If Flags is set to 1, a client certificate is present. If Flags is set to 2, the last certificate in this chain is from an unknown issuer.
Issuer A string that contains a list of subfield values containing information about the issuer of the certificate. If this value is specified without a SubField, the ClientCertificate collection returns a comma-separated list of subfields. For example, C=US, O=Verisign, and so on.
SerialNumber A string that contains the certification serial number as an ASCII representation of hexadecimal bytes separated by hyphens (-). For example, 04-67-F3-02.
Subject A string that contains a list of subfield values. The subfield values contain information about the subject of the certificate. If this value is specified without a SubField, the ClientCertificate collection returns a comma-separated list of subfields. For example, C=US, O=Msft, and so on.
ValidFrom A date specifying when the certificate becomes valid. This date follows VBScript format and varies with international settings. For example, in the United States, 9/26/96 11:59:59 P.M.. The year value is displayed as a four-digit number.
ValidUntil A date specifying when the certificate expires. The year value is displayed as a four-digit number.

An optional parameter you can use to a retrieve an individual field in either the Subject or Issuer keys. This parameter is added to the Key parameter as a suffix. For example, IssuerO or SubjectCN. The following table lists some common SubField values.
Value Meaning
C Specifies the name of the country/region of origin.
CN Specifies the common name of the user. (This subfield is only used with the Subject key.)
GN Specifies a given name.
I Specifies a set of initials.
L Specifies a locality.
O Specifies the company or organization name.
OU Specifies the name of the organizational unit.
S Specifies a state or province.
T Specifies the title of the person or organization.

SubField values other than those listed in the preceding table can be identified by their ASN.1 object identifier (OID). The format of the Object Identifier is a list of numbers separated by a period (.). A list of Object Identifiers for your certificate can be obtained from the authority that issued your certificate.


You can iterate through the keys of the ClientCertificate collection, as shown in the following example.


  For Each strKey in Request.ClientCertificate

    Response.Write strkey & " =index.html " & Request.ClientCertificate(strkey) & "<BR>"



The following example retrieves the common name of the company that issued the client certificate.

<%=index.html Request.ClientCertificate("IssuerCN") %>

The following example displays the expiration date of the client certificate.

This certification will expire on 

<%=index.html Request.ClientCertificate("ValidUntil") %>

The following example uses the Flags key to test whether the issuer of the certificate is known.


  Const ceCertPresent =index.html 1

  Const ceUnrecognizedIssuer = 2

  If Request.ClientCertificate("Flags") = ceUnrecognizedIssuer Then

    Response.Write "Unrecognized issuer"

  End If


The following example displays all the fields of a client certificate.

Issuer: <%=Request.ClientCertificate("Issuer")%><br>

Subject: <%=Request.ClientCertificate("Subject")%><br>

<% cer=Request.ClientCertificate("Certificate") %>

Certificate Raw Data: <%=cer%><br>

Certificate length: <%=len(cer)%><br>

Certificate Hex Data:

<% For x=1 To 100 %>


<% Next %>

Applies To

Request Object

See Also


Platforms: Windows 2000 with IIS 5.0 installed, Windows XP with IIS 5.1 installed, Windows Server 2003 family with IIS 6.0 installed

Platform SDK Release: February 2003
What did you think of this topic?
Order a Platform SDK CD


file: /Techref/language/asp/OBJ/ref_vbom_reqoccc.htm, 14KB, , updated: 2004/11/16 16:48, local time: 2024/6/21 12:45,

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> Request.ClientCertificate Collection</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

  PICList 2024 contributors:
o List host: MIT, Site host, Top posters @none found
- Page Editors: James Newton, David Cary, and YOU!
* Roman Black of Black Robotics donates from sales of Linistep stepper controller kits.
* Ashley Roll of Digital Nemesis donates from sales of RCL-1 RS232 to TTL converters.
* Monthly Subscribers: Gregg Rew. on-going support is MOST appreciated!
* Contributors: Richard Seriani, Sr.

Welcome to!