Can not get SSL Client Certificate

2003-09-03 Thread Elif Akten
Hi,
I have been trying to get the SSL client certificate during a client 
authenticated SSL session. I am using Apache 2.0 with Tomcat 4.1.27. 
Everything works successfully: when I want to open an SSL protected JSP page 
my browser asks for my client certificate and verifies it. But when I try to 
get the client certificate using request.getHeader("SSL_CLIENT_CERT") it returns 
null. Also request.getAuthType() and request.getUserPrincipal() return a null 
value. Following is the relevant part from our httpd.conf file:

<VirtualHost dune.net:443>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key

JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
</VirtualHost>

SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile "C:/Program Files/Apache Group/Apache2/conf/ssl/ca.cer"
SSLCACertificatePath "C:/Program Files/Apache Group/Apache2/conf/ssl"
SSLCACertificateFile "C:/Program Files/Apache Group/Apache2/conf/ssl/rootca.cer"

<IfModule !mod_jk.c>
LoadModule jk_module "C:/Program Files/Apache Group/Apache2/modules/mod_jk.dll"
</IfModule>

JkWorkersFile "C:/Program Files/Apache Tomcat 4.0/conf/workers.properties"
JkLogFile "C:/Program Files/Apache Tomcat 4.0/logs/mod_jk.log"
JkLogLevel info
JkMount /examples/* ajp13

Also our ssl.conf file includes the following lines:

SSLOptions +StdEnvVars +ExportCertData
JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
JkMount /demo/* ajp13
JkExtractSSL On
JkEnvVar SSL_CLIENT_CERT UNSET

What should I do to read the client certificate? Any help is welcome...


Re: Can not get SSL Client Certificate

2003-09-03 Thread John Turner
First thing I would try is putting your LoadModule line ABOVE every line 
that uses Jk*, such as:

JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
As positioned in your post, the lines shown above would have no effect 
if Jk wasn't loaded until later.

John


Re: Can not get SSL Client Certificate

2003-09-03 Thread Bill Barker
Try:
   import java.security.cert.X509Certificate;

   X509Certificate[] certs =
       (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

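Added example, not part of the thread and not Tomcat's or mod_jk's own code: a helper that reads the client certificate from the javax.servlet.request.X509Certificate request attribute, as the last reply suggests, and falls back to the PEM text that mod_jk forwards as a request attribute for JkEnvVar SSL_CLIENT_CERT UNSET. The class and method names are hypothetical, and the javax.servlet API of the Tomcat versions discussed in the thread is assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;

/** Added example (hypothetical class): client certificate behind Apache + mod_jk. */
public final class ClientCertReader {
    // Standard Servlet API attribute the container fills from the AJP request.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Apache env var forwarded by "JkEnvVar SSL_CLIENT_CERT UNSET" (from the post).
    static final String PEM_ATTR = "SSL_CLIENT_CERT";
    static final String PEM_DEFAULT = "UNSET";

    private ClientCertReader() {}

    /** Returns the client's leaf certificate, or null if none was forwarded. */
    public static X509Certificate leafCertificate(HttpServletRequest request)
            throws CertificateException {
        // Read attributes, not request.getHeader(): headers are client-supplied,
        // while these attributes are set on the server side by the connector.
        Object attr = request.getAttribute(CERT_ATTR);
        if (attr instanceof X509Certificate[]) {
            X509Certificate[] chain = (X509Certificate[]) attr;
            if (chain.length > 0) {
                return check(chain[0]); // index 0 is the client's own certificate
            }
        }
        // Fallback: PEM text exported by SSLOptions +ExportCertData.
        Object pem = request.getAttribute(PEM_ATTR);
        if (pem instanceof String && !PEM_DEFAULT.equals(pem)
                && ((String) pem).contains("BEGIN CERTIFICATE")) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            byte[] bytes = ((String) pem).getBytes(StandardCharsets.US_ASCII);
            return check((X509Certificate)
                    cf.generateCertificate(new ByteArrayInputStream(bytes)));
        }
        return null;
    }

    // Apache already verified the chain; this only re-checks the validity period.
    private static X509Certificate check(X509Certificate cert)
            throws CertificateException {
        cert.checkValidity(); // throws if expired or not yet valid
        return cert;
    }
}
```

From a JSP or servlet, ClientCertReader.leafCertificate(request).getSubjectX500Principal() then gives the subject name; a null return means no certificate reached Tomcat for that request.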