> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Daniele Orlandi
> Sent: 30. juni 1999 00:00
> To: [EMAIL PROTECTED]
> Subject: Personal cert for authentication
>
> Hello,
>
> I often use personal certificates to authenticate users. I
> belive it could be
> easier to match them if the certificate's public key (instead
> of DN) would be
> available in CGI environment.
>
> Is this feasible ?
> nd more important... does this make sense?
>
It is possible - simply enable the following directive in your httpd.conf:
SSLOptions +ExportCertData
>From the documentation:
ExportCertData
When this option is enabled, two additional CGI/SSI environment variables
are created:
SSL_CLIENT_CERT and SSL_SERVER_CERT. These contain the PEM-encoded X.509
Certificates of
client and server for the current HTTPS connection and can be used by CGI
scripts for deeper
Certificate checking. This bloats up the environment a little bit which is
why you have to use this option to
enable it on demand.
vh
Mads Toftum, QDPH
---
I wonder if this will be delivered according to RFC 1149 or RFC 2549.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
