With Active Server Pages (ASP), you can create a server-side script that extracts the contents of a user's client certificate and saves this information in a text file. By adding this script to SSL-secured Web pages, you can effectively catalog and manage the client certificates of users accessing your server.
To obtain client certificate information with ASP

<% @Language = VBScript %>
<% Response.Buffer = True %>
<%
  'Instantiate the ASP FileSystemObject in order
  'to create a text file
  Set fs = Server.CreateObject("Scripting.FileSystemObject")

  'Create text file using append mode (8 = ForAppending, True = create if missing)
  Set outStream = fs.OpenTextFile( "C:\Inetpub\wwwroot\cert.txt", 8, True )

  'Save certificate issuer information to text file
  outStream.WriteLine( "# Issuer: " & Request.ClientCertificate("Issuer") )

  'Extract certificate subject (user) and account information
  'from certificate; replace line breaks in the subject with ";"
  'so that it stays on a single line of the text file
  su = Request.ClientCertificate( "Subject" )
  mx = len(su)
  for x = 1 to mx
    if mid(su,x,1)=chr(10) or mid(su,x,1)=chr(13) then
      su=left(su,x-1)+";"+right(su,mx-x)
    end if
  next
  outStream.WriteLine( "# Subject: " & su )
  outStream.WriteLine( "# Account: " & Request.ServerVariables("REMOTE_USER") )

  'Extract the binary certificate data from the certificate;
  'encode it as Base64 text, 64 characters per line
  uue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
  outStream.WriteLine( "-----BEGIN CERTIFICATE-----" )
  cer = Request.ClientCertificate( "Certificate" )
  lcer = len(cer)
  l = 0
  for x = 1 to lcer step 3
    'Read up to three bytes; missing bytes at the end count as 0
    a1 = asc(mid(cer,x,1))
    if x+1 <= lcer then
      a2 = asc(mid(cer,x+1,1))
      if x+2 <= lcer then
        a3 = asc(mid(cer,x+2,1))
      else
        a3 = 0
      end if
    else
      a2 = 0
      a3 = 0
    end if
    'Write four Base64 characters, using "=" as padding for missing bytes
    outStream.Write mid(uue, (a1 and 252)/4 +1 ,1)
    outStream.Write mid(uue, (a1 and 3)*16 + (a2 and 240)/16 +1 ,1)
    if x+1 <= lcer then
      outStream.Write mid(uue, (a2 and 15)*4 + (a3 and 192)/64 +1 ,1)
      if x+2 <= lcer then
        outStream.Write mid(uue, (a3 and 63) +1 ,1)
      else
        outStream.Write "="
      end if
    else
      outStream.Write "=="
    end if
    l = l +4
    if l = 64 then
      outStream.WriteLine("")
      l = 0
    end if
  next
  if l > 0 then
    outStream.WriteLine( "" )
  end if
  outStream.WriteLine( "-----END CERTIFICATE-----" )

  'Close the text file so that the entry is written out and the file is released
  outStream.Close

  Response.Write "Client certificate information has been received and logged successfully<br>"
%>
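Note This example script saves a text file in the C:\Inetpub\wwwroot directory, by default. You can change this directory location to match your Web server's configuration by modifying the script. Because files in a Web site's home directory can be requested by clients, consider a location outside the published directories or restrict access to cert.txt.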
Note Using your Web server's certificate mapping feature, you can automatically map client certificates to Windows NT accounts. To create a mapping from the information contained in cert.txt, you must copy a specific certificate entry (copy only the text characters between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- text lines), then paste and save this information as a separate text file.
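The copy step in the note above can be checked before a mapping is created. The following Python is an added example, not part of the original page: it splits cert.txt content in the layout the script writes into entries, returns the text between the BEGIN and END lines, and rejects entries that are corrupted or truncated. The function names and the sample data are assumptions made for illustration.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def parse_cert_log(text):
    """Split cert.txt content into entries (header fields + certificate body)."""
    entries, fields, body, in_body = [], {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == BEGIN:
            in_body, body = True, []
        elif line == END and in_body:
            # validate=True rejects any character outside the Base64 alphabet
            der = base64.b64decode("".join(body), validate=True)
            if not der.startswith(b"\x30"):  # DER certificates open with a SEQUENCE tag
                raise ValueError("entry does not decode to an ASN.1 SEQUENCE")
            # "mapping_text" is exactly the text between the BEGIN and END lines
            entries.append({**fields, "mapping_text": "\n".join(body), "der": der})
            fields, in_body = {}, False
        elif in_body:
            if line:
                body.append(line)
        elif line.startswith("# "):
            key, _, value = line[2:].partition(":")
            fields[key.strip()] = value.strip()
    if in_body:
        raise ValueError("last entry has no END CERTIFICATE line (truncated log?)")
    return entries

def sample_log():
    """Constructed cert.txt content; the body is placeholder bytes, not a real certificate."""
    der = bytes([0x30, 0x82, 0x00, 0x64]) + bytes(range(100))
    b64 = base64.b64encode(der).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    entry = ("# Issuer: C=US, O=Example CA\n"
             "# Subject: C=US;O=Example;CN=Test User\n"
             "# Account: EXAMPLE\\tuser\n"
             f"{BEGIN}\n{wrapped}\n{END}\n")
    return entry * 2, der

if __name__ == "__main__":
    log, _ = sample_log()
    for n, e in enumerate(parse_cert_log(log), 1):
        print(n, e["Account"], e["Subject"], len(e["der"]), "bytes")
```

Saving an entry's mapping_text value as a separate text file gives the file the note describes.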