Add the following line to you httpd configuration: JkEnvVar SSL_CLIENT_S_DN none
JkEnvVar SSL_CLIENT_CERT none This will make the client cert and distinguished name available through Apache enviroment variables. Then in Java (within a JSP/servlet): String DN = (String) request.getAttribute("SSL_CLIENT_S_DN"); // can also get the whole cert: SSL_CLIENT_CERT And parse out the common name. Nadeem ________________________________ From: [EMAIL PROTECTED] on behalf of August West Sent: Mon 8/22/2005 12:17 PM To: modssl-users@modssl.org Subject: export client certificate CN? I am currently using mod_ssl to verify client certs. are issued by trusted CAs (e.g. SSLVerifyClient require), but then using username/password for application identification/authorization, passing this to Oracle via Tomcat using JAVA. However, I'd like to be able to use client certs. for I/A by exporting the CN (or perhaps serial number) when verifying. I have tried to add "SSLOptions +ExportCertData", but I am not sure where this data is being exported too! This seemed like the appropriate SSL Option to be able to parse the cert data, but please correct me if I am wrong. Does anyone have any implementation suggestions exporting the CN from client certs, particularly for retrieving this information with JAVA? TIA! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
<<winmail.dat>>