Hi,
I've finally found a solution to getting the SSL_CLIENT_CERT in a Java
Servlet using a win32 server.
The winning configuration was:
OpenSA 0.20 binary install (can't find the OpenSA 0.20 source for love or
money)
JServ 1.0 (Jserv 1.1 didn't provide the cert, it tried to supply the
SSL_CLIENT_DN and SSL_CLIENT_IDN but failed to deliver on both counts)
The code was modified from SuperSnoop (thankyou whoever wrote this!)
out.println("SSL_CLIENT_CERT = \n" +
request.getAttribute("org.apache.jserv.SSL_SERVER_CERT"));
Excerpt from httpd.conf...
# SSL Directives
# see http://www.modssl.org/docs/2.4/ssl_reference.html for more info
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLogLevel info
# You can later change this to "warn" if everything is OK
<VirtualHost localhost:443>
SSLEngine On
SSLCertificateFile conf/ssl/localhost.cert
SSLCertificateKeyFile conf/ssl/localhost.key
SSLCACertificateFile conf/ssl/ca_certs.cert
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +CompatEnvVars +ExportCertData
</VirtualHost>
I hope this post saves someone else the time and effort I spent on this.
Cheers,
Scott
