Hi Apigee team,

Here we want to record some TLS  information(mainly want to know the expiration time of the TLS certificate of the service deployed on apigee, of course other information is also useful) in the Traffic log in apigee, could  you help to advise? Thank you in advance:

I drew a simple flowchart, client (the user requesting the api deployed on apigee), apigee (forwarding the client's request to the virtual-host through nginx and then to the api provider), backend (configured in the target server's specific background service).

1. Regarding apigee, I know that apigee provides some flow variables, which allow us to easily get information such as TLS version and password and record them in Traffic Flow <MessageLogging>.
https://docs.apigee.com/api-platform/system-administration/tls-vars 

2. Regarding the client, when the client provides a TLS/SSL certificate, we can get client.cn client.organization.unit and tls.client.cert.fingerprint tls.client.raw.cert (the last two prefixes are tls. Maybe need to set <ClientProperties> to true). But I didn't find a certificate authority (CA), could you please advide? In addition, there also not found notBefore and notAfter, I tried to use $ssl_client_v_start; $ssl_client_v_end; from nginx and put them in the request header and then log them in Traffic Flow <MessageLogging>, I am not sure if this is the best practice, could you please advide? Thanks.
https://docs.apigee.com/api-platform/system-administration/tls-vars 
https://docs.apigee.com/api-platform/reference/variables-reference#client 

conf_load_balancing_load.balancing.driver.nginx.server.ssl.template.extra2=proxy_set_header...

3. Regarding the Target server, I know that we also have some flow variables, but I can't find the fingerprint, certificate authority (CA), notBefore and notAfter, etc. We hope to be able to record them in the Traffic log to realize before the certificate expires. 
https://docs.apigee.com/api-platform/reference/variables-reference#target