Matias Bahlenberg wrote:
>
> Hi,
>
> How do I obtain information about the Apache additional environment variables
> "SSL_CLIENT_CERT" and "SSL_SERVER_CERT" in Tomcat 4.0?
>
> I am using Tomcat 4.0 (final release) as servlet container, connected via mod_webapp
> (WarpConnector) to Apache Web Server 1.3.19.
>
> The Apache server is configured to handle all SSL, with a secure virtual host on
> port 443.
>
> In httpd.conf there is an SSL option which allows Apache and external
> connectors, such as JRun and Tomcat, to get information about client and server
> certificates:
>
> SSLOptions +ExportCertData +CompatEnvVars +StrictRequire
>
> Everything works fine, the double authentication works fine, but I do not get any
> information about the client certificate via Tomcat 4.0.
> To obtain the client certificate information, I use the following code:
>
> import java.io.ByteArrayInputStream;
> import java.security.cert.CertificateFactory;
> import java.security.cert.X509Certificate;
>
> // Apache exports the client certificate as PEM text in SSL_CLIENT_CERT;
> // CertificateFactory accepts the PEM form directly.
> // (CertificateException / IOException must be caught or declared by the caller.)
> X509Certificate certApache = null;
> String certSubject = null, certIssuer = null, certSerialNumber = null;
> String certData = request.getHeader("SSL_CLIENT_CERT");
> if (certData != null) {
>     ByteArrayInputStream inStream = new ByteArrayInputStream(certData.getBytes());
>     CertificateFactory cf = CertificateFactory.getInstance("X.509");
>     certApache = (X509Certificate) cf.generateCertificate(inStream);
>     inStream.close();
> }
>
> if (certApache != null) {
>     certSubject = certApache.getSubjectDN().getName();
>     certIssuer = certApache.getIssuerDN().getName();
>     certSerialNumber = certApache.getSerialNumber().toString();
> }
>
> I have also tried the above code with Apache-JRun, and it works fine.
>
> Does anyone know if the connector mod_webapp supports the additional environment
> variables?
> - If so... how?
> - If not... is there another connector which supports SSL variables? Can mod_jk be
> used as a connector between Apache 1.3.* and Tomcat 4.0?
Just take the mod_jk from jakarta-tomcat-connectors (using cvs).
I have added the following in httpd.conf for mod_ssl:
+++
<Location /examples>
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
</Location>
+++
The certificate is not a String but an X509Certificate[] (an array of certificates).
>
> Matias
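The reply above says the certificate reaches Tomcat as an X509Certificate[], not as a string header. The servlet below is an added example, not code from either poster or from the Tomcat project; it reads that array from the standard Servlet-specification request attribute "javax.servlet.request.X509Certificate" and extracts the same subject, issuer and serial number the original post wanted. It assumes Apache/mod_ssl has verified the client (SSLVerifyClient require) and exported the certificate (SSLOptions +ExportCertData), and that the connector (mod_jk, as the reply suggests) forwards it so that Tomcat 4 populates the attribute with the client's own certificate at index 0. The class and attribute constant names are the example's own.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (not from the mailing-list thread): reads the client
 * certificate that the connector hands to Tomcat as a request attribute.
 *
 * Assumption: Apache has done "SSLVerifyClient require" with
 * "SSLOptions +ExportCertData", and the connector (mod_jk) forwards the
 * certificate so that Tomcat sets the standard attribute
 * "javax.servlet.request.X509Certificate" to an X509Certificate[] whose
 * element 0 is the client's own certificate.
 */
public class ClientCertServlet extends HttpServlet {

    /** Attribute name defined by the Servlet specification (2.2 and later). */
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        X509Certificate[] chain =
            (X509Certificate[]) request.getAttribute(CERT_ATTR);

        // A missing attribute means the front end did not authenticate a
        // client certificate (or did not export it). Refuse rather than fall
        // back to an HTTP header, which the client could have sent itself.
        if (chain == null || chain.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                               "client certificate required");
            return;
        }

        X509Certificate client = chain[0];
        try {
            // Apache already checked the validity period; repeating the check
            // here is cheap and catches a mis-configured front end.
            client.checkValidity();
        } catch (CertificateExpiredException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate expired");
            return;
        } catch (CertificateNotYetValidException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate not yet valid");
            return;
        }

        // Same three fields the original post extracted from the PEM header.
        String subject = client.getSubjectDN().getName();
        String issuer = client.getIssuerDN().getName();
        String serialHex = client.getSerialNumber().toString(16);

        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("Subject:      " + subject);
        out.println("Issuer:       " + issuer);
        out.println("Serial (hex): " + serialHex);
        out.println("Chain length: " + chain.length);
    }
}
```

The security point of reading the attribute rather than a header: the attribute is filled in by the connector from the SSL data Apache verified during the handshake, so a caller cannot inject it. An HTTP request header named SSL_CLIENT_CERT, by contrast, is whatever arrived on the wire, so the getHeader() approach from the original post is only safe if the connector itself sets that header and strips any copy supplied by the client.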