Add the following line to you httpd configuration: JkEnvVar SSL_CLIENT_S_DN none
JkEnvVar SSL_CLIENT_CERT none
This will make the client cert and distinguished name available through Apache
enviroment variables.
Then in Java (within a JSP/servlet):
String DN = (String) request.getAttribute("SSL_CLIENT_S_DN"); // can also get
the whole cert: SSL_CLIENT_CERT
And parse out the common name.
Nadeem
________________________________
From: [EMAIL PROTECTED] on behalf of August West
Sent: Mon 8/22/2005 12:17 PM
To: modssl-users@modssl.org
Subject: export client certificate CN?
I am currently using mod_ssl to verify client certs.
are issued by trusted CAs (e.g. SSLVerifyClient
require), but then using username/password for
application identification/authorization, passing this
to Oracle via Tomcat using JAVA. However, I'd like to
be able to use client certs. for I/A by exporting the
CN (or perhaps serial number) when verifying. I have
tried to add "SSLOptions +ExportCertData", but I am
not sure where this data is being exported too! This
seemed like the appropriate SSL Option to be able to
parse the cert data, but please correct me if I am
wrong. Does anyone have any implementation
suggestions exporting the CN from client certs,
particularly for retrieving this information with
JAVA?
TIA!
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
<<winmail.dat>>
