Re: Can not get SSL Client Certificate

Wed, 03 Sep 2003 20:59:22 -0700 

Try:
   X509Certificate [] certs =
          (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");

"Elif Akten" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
> I have been trying to get SSL client certificate during a client
> authenticated SSL session. I am using Apache 2.0 with Tomcat 4.1.27.
> Everything works succesfully: when I want to open a SSL protected JSP page
> my browser asks for my client certificate and verifies it. But when I try
to
> get client certificate using request.getHeader("SSL_CLIENT_CERT") it
returns
> null. Also request.getAuthType() and request.getUserPrincipal() return
null
> value. Following is the relevant part from our httpd.conf file:
>
> <VirtualHost dune.net:443>
> SSLEngine On
> SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
>
> JkExtractSSL On
> JkHTTPSIndicator HTTPS
> JkSESSIONIndicator SSL_SESSION_ID
> JkCIPHERIndicator SSL_CIPHER
> JkCERTSIndicator SSL_CLIENT_CERT
> </VirtualHost>
>
> SSLVerifyClient require
> SSLVerifyDepth 2
> SSLCACertificateFile "C:/Program Files/Apache
Group/Apache2/conf/ssl/ca.cer"
> SSLCACertificatePath "C:/Program Files/Apache Group/Apache2/conf/ssl"
> SSLCACertificateFile "C:/Program Files/Apache
> Group/Apache2/conf/ssl/rootca.cer"
>
> <IfModule !mod_jk.c>
> LoadModule jk_module "C:/Program Files/Apache
> Group/Apache2/modules/mod_jk.dll"
> </IfModule>
>
> JkWorkersFile "C:/Program Files/Apache Tomcat 4.0/conf/workers.properties"
> JkLogFile "C:/Program Files/Apache Tomcat 4.0/logs/mod_jk.log"
> JkLogLevel info
> JkMount /examples/* ajp13
>
> Also our ssl.conf file includes the following lines :
>
> SSLOptions +StdEnvVars +ExportCertData
> JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
> JkMount /demo/* ajp13
> JkExtractSSL On
> JkEnvVar SSL_CLIENT_CERT "<UNSET>"
>
> What should I do to read the client certificate? Any help is welcome...
>
> _________________________________________________________________
> The new MSN 8: advanced junk mail protection and 2 months FREE*
> http://join.msn.com/?page=features/junkmail




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to