[users@httpd] REPOST [users@httpd] SSL: Forwarding user certificate from apache to another server

Wed, 30 Aug 2006 23:53:54 -0700 


--- Milan Tomic <[EMAIL PROTECTED]> wrote:

> 
> Users log into apache through SSL and I'm forwarding user cert from apache to 
> (another) app
> server. The problem is that user cert, which is sent as HTTP header param 
> (base64 encoded),
> spans
> several lines:
> 
> GET /LoginTest/servletheaderview HTTP/1.1
> Host: duke:4444
> Accept: */*
> Accept-Language: sl
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 
> 2.0.50727; .NET CLR
> 1.1.4322)
> SSL_CLIENT_CERT: -----BEGIN CERTIFICATE-----
> MIIFpDCCBIygAwIBAgIEPAtSvjANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz
> aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt
> *** not all lines were shown ***
> KCY7/laFwZBHMdT/lpjMwt1szHXIFIS4/PcTTpjd4j6Nd2RcWX9uKwsRYUQ7kgfx
> A+cpsvYdoDI=
> -----END CERTIFICATE-----
> 
> Max-Forwards: 10
> Via: 1.1 www.example.com
> X-Forwarded-For: 10.9.72.251
> 
> Well, the actual problem is to parse SSL_CLIENT_CERT variable on iAS, Tomcat 
> or some other
> server.
> Is this standard HTTP 1.1 notation for headers params with multiple lines? Is 
> Apache forwarding
> right? Above shown HTTP request is sent from Apache to iAS server.
> 
> This is what I set in my ssl.conf to tell Apache to forward cert:
> 
> RequestHeader set SSL_CLIENT_CERT %{SSL_CLIENT_CERT}e 
> ProxyPass / http://duke:4444/LoginTest/servletheaderview
> ProxyPassReverse / http://duke:4444/LoginTest/servletheaderview
> 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to