Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/ssl/authpol/passinfo
Pass Certificate Information to Backend Servers Menu
The authentication policy passinfo option lets you pass the client’s certificate information in the HTTP headers to the back-end servers so they can use user identity information.
By default, all parameters are not set, meaning that the certificate information is not passed to the to back-end servers.
Notes
*If the chosen field is empty in the incoming-traffic, Alteon displays this field without any value. You cannot configure an empty field name in the configuration.
*When a caching policy is enabled on a virtual service, and the cache serves the pages according to the client requests, Alteon does not send the client authentication information to the back-end server.
*This feature is HTTP-dependent and cannot be used with simple SSL offloading, when traffic is directly decrypted and sent to the back-end servers with no manipulation per any SSL protocol.
 
Client Authentication Policy Policy_1 Passinfo Menu]
version - Pass certificate version information to backend server
serial - Pass certificate serial-number to backend server
algo - Pass certificate Signature Algorithm to backend server
issuer - Pass certificate issuer information to backend server
nbefore - Pass certificate 'Not Before' Validity Date to backend server
nafter - Pass certificate 'Not After' Validity Date to backend server
subject - Pass certificate subject to backend server
keytype - Pass certificate Public Key Type to backend server
md5 - Pass certificate MD5 hash to backend server
cert - Pass certificate information to backend server
charset - Set the character set to be used for information
    issorder - Set the order in which the issuer names will be passed
sbjorder - Set the order in which the subject names will be passed
comply - Enable/Disable headers format to comply with 2424SSL headers
cur - Display current passinfo configuration
 
Client Authentication Policy Passinfo Menu 
Command Syntax and Usage
version
 
Specifies whether to pass certificate version information to the back-end server, and the header name to use.
Default: disabled
Header Name Default: CCRT-Version
serial
 
Specifies whether to pass the certificate serial number to the back-end server, and the certificate serial-number header name to use.
Default: disabled
Header Name Default: CCRT-SN
algo
 
Specifies whether to pass the certificate Signature Algorithm to the back-end server, and the certificate signature algorithm header name to use.
Default: disabled
Header Name Default: CCRT-SignatureAlgo
issuer
 
Specifies whether to pass certificate issuer information to the back-end server, and the certificate issuer header name to use.
Default: disabled
Header Name Default: CCRT-Issuer
nbefore
 
Specifies whether to pass certificate ‘Not Before’ Validity Date to the back-end server, and the certificate ‘Not Before Validity Dates’ header name to use.
Default: disabled
Header Name Default: CCRT-NotBefore
nafter
 
Specifies whether to pass certificate ‘Not After’ Validity Date to the back-end server, and the certificate ‘Not After Validity Dates’ header name to use.
Default: disabled
Header Name Default: CCRT-NotAfter
subject
 
Specifies whether to pass certificate subject information to the back-end server, and the certificate subject header name to use.
Default: disabled
Header Name Default: CCRT-Subject
keytype
 
Specifies whether to pass certificate Public Key Type information to the back-end servers, and the certificate Public Key Type header name to use.
Default: disabled
Header Name Default: CCRT-publicKeyType
md5
 
Specifies whether to pass certificate MD5 hash information to the back-end servers, and the certificate MD5 hash header name to use.
Default: disabled
Header Name Default: CCRT-MD5Hash
cert
 
Specifies whether to pass certificate information to the back-end servers, and the certificate header name to use.
Default: disabled
Header Name Default: CCRT-Certificate
If you select y to pass this information, you are prompted for the following:
*Either the header or value.
*The new Certificate Header Lines Format.
Values:
Multi — New lines are started by a return.
Single — Text is wrapped to the next line.
Default: multi
charset ascii|unicode
 
The character set to be used for information.
Note: When using ASCII encoding for sending certificate details, Alteon uses slash (/) as the delimiter between information fields. When using Unicode encoding for sending the certificate details, Alteon uses comma (,) as the delimiter.
Default: ascii
issorder regular|reverse
 
Specifies the order in which the issuer names will be passed.
Default: regular
sbjorder regular|reverse
 
Specifies the order in which the subject names will be passed.
Default: regular
comply disabled|enabled
 
Specifies whether to enable 2424SSL Headers Compliance Mode.
Default: disabled
cur
 
Displays the current pass information status for all settings.