After hours of trial and error today, I've managed to solve my own problem. That first URL I provided below that details the server variables used by some PHP programmers is correct. Rather than using CGI.CERT_SUBJECT, I have to use CGI.SSL_CLIENT_S_DN_CN to accomplish the same thing. The output is very similar. The real issue I have is that it is not showing up in a dump of the CGI scope, so it took some time to find what I needed. Further, Apache and mod_ssl don't output this info by default, depending on your choice of apache version and installer of course. I had to add this line to my SSL config:
SSLOptions +ExportCertData +StdEnvVars I hope this saves someone else time in the future trying to figure that out. > I have run into a problem that I'm assuming there isn't much I can do > about, but I thought I'd ask hoping I am wrong. The issue I have is that > we are moving a web application from Windows to Unix in the near future. > I'm very familiar with IIS and Apache, so I didn't expect any show > stopping issues. I hit one today in what amounts to a test run. I'm > running Apache 2.2.13 x64 on Windows 2003 x64. I'm using ColdFusion 8 x64 > as well. I've got a bit of code that needs to execute: > > <cfset variables.id = ListLast(CGI.CERT_SUBJECT,".")> > <cfif isnumeric(variables.id)> > <cfquery name="GetUser" datasource="#session.datasource#"> > Select blah blah blah > From users > Where blah = <cfqueryparam value="#variables.id#" > cfsqltype="CF_SQL_NUMERIC"> > </cfquery> > </cfif> > > The key here is CGI.CERT_SUBJECT. Using IIS, we can require client > certificates and the user is prompted for a pin, at which point their > certificate is passed in via headers to the CF code. Using Apache, I can > also require client certificates, which prompts the user for a pin. At > this point I would expect to be able to access CGI.CERT_SUBJECT - but it > comes back as empty each time. > > I'm hoping there is an Apache guru reading this right now that can help me > figure out how to make Apache pass this information through like IIS does. > Any help I can get on this would be greatly appreciated. I've found > several online posts / articles that don't help much: > > http://koivi.com/apache-iis-php-server-array.php > > http://www.mail-archive.com/tomcat-u...@jakarta.apache.org/msg28232.html > > I already have these lines in the httpd.conf: > > SSLVerifyClient require > SSLVerifyDepth 2 > SSLCertificateFile "sitename.crt" > SSLCertificateKeyFile "sitename.key" > SSLCACertificateFile "root-certs.pem" > > I can't find anything else online detailing another possible configurable > item I could change in Apache. > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- > > > ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
