First thing I would try is putting your LoadModule line ABOVE every line that uses "Jk*", such as:


JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT

As positioned in your post, the lines shown above would have no effect if Jk wasn't loaded until later.

John

Elif Akten wrote:
Hi,
I have been trying to get SSL client certificate during a client authenticated SSL session. I am using Apache 2.0 with Tomcat 4.1.27. Everything works successfully: when I want to open an SSL protected JSP page my browser asks for my client certificate and verifies it. But when I try to get client certificate using request.getHeader("SSL_CLIENT_CERT") it returns null. Also request.getAuthType() and request.getUserPrincipal() return null value. Following is the relevant part from our httpd.conf file:


<VirtualHost dune.net:443>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
</VirtualHost>

SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile "C:/Program Files/Apache Group/Apache2/conf/ssl/ca.cer"
SSLCACertificatePath "C:/Program Files/Apache Group/Apache2/conf/ssl"
SSLCACertificateFile "C:/Program Files/Apache Group/Apache2/conf/ssl/rootca.cer"


<IfModule !mod_jk.c>
LoadModule jk_module "C:/Program Files/Apache Group/Apache2/modules/mod_jk.dll"
</IfModule>


JkWorkersFile "C:/Program Files/Apache Tomcat 4.0/conf/workers.properties"
JkLogFile "C:/Program Files/Apache Tomcat 4.0/logs/mod_jk.log"
JkLogLevel info
JkMount /examples/* ajp13

Also our ssl.conf file includes the following lines :

SSLOptions +StdEnvVars +ExportCertData
JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories
JkMount /demo/* ajp13
JkExtractSSL On
JkEnvVar SSL_CLIENT_CERT "<UNSET>"

What should I do to read the client certificate? Any help is welcome...




--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
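
A way to check a configuration file for the ordering discussed in this thread, as an added example that is not part of either message: it reports every Jk* directive that appears before the first "LoadModule jk_module" line. The function name and the sample text are assumptions made for illustration; the sample is constructed from the directive order in the quoted httpd.conf, with paths shortened, and the check reads a single file without following Include lines.

```python
import re

# Constructed sample: same directive order as the httpd.conf quoted in the
# thread (paths shortened; not a complete configuration).
SAMPLE_CONF = """\
<VirtualHost dune.net:443>
SSLEngine On
JkExtractSSL On
JkCERTSIndicator SSL_CLIENT_CERT
</VirtualHost>
# JkLogLevel debug
<IfModule !mod_jk.c>
LoadModule jk_module "modules/mod_jk.dll"
</IfModule>
JkWorkersFile "conf/workers.properties"
JkMount /examples/* ajp13
"""

# Apache directive names are case-insensitive.
LOADMODULE_RE = re.compile(r"^\s*LoadModule\s+jk_module\b", re.IGNORECASE)
JK_DIRECTIVE_RE = re.compile(r"^\s*(Jk[A-Za-z]+)\b", re.IGNORECASE)


def jk_directives_before_load(conf_text):
    """Return (load_line, early): load_line is the 1-based line number of the
    first 'LoadModule jk_module' (None if absent); early lists
    (line_number, directive) for Jk* directives that precede it."""
    load_line = None
    seen = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are ignored
        if load_line is None and LOADMODULE_RE.match(line):
            load_line = number
            continue
        match = JK_DIRECTIVE_RE.match(line)
        if match:
            seen.append((number, match.group(1)))
    if load_line is None:
        return None, seen  # no LoadModule in this file: report every Jk* line
    return load_line, [(n, d) for n, d in seen if n < load_line]


if __name__ == "__main__":
    load_line, early = jk_directives_before_load(SAMPLE_CONF)
    print("LoadModule jk_module at line:", load_line)
    for number, directive in early:
        print(f"line {number}: {directive} appears before mod_jk is loaded")
```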



