Tapio,

On 10/28/2011 8:31 AM, Tapio Niemi wrote:
> How do I configure Tomcat to put certain information related to
> SSL request into access log? In particular, I need to log the
> client certificate's O, OU, and CN fields, or if that's not
> possible, at least the serial number of the certificate.
>
> For example, in Apache httpd I can do:
>
> LogFormat "%h %{SSL_CLIENT_M_SERIAL}x %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x"
>
> I already tried: pattern="%{SSL_CLIENT_M_SERIAL}r %h %l %u %t
> "%r" %s %b" on access log valve configuration, which
> caused server not to start

That shouldn't have happened: Tomcat should start with the above log
pattern.

> , and pattern="%{CLIENT_AUTH}r %h %l %u %t "%r" %s %b",
> which just causes "-" to appear on the log.

That's because "CLIENT_AUTH" doesn't appear to be a request attribute.

> Also tried %{SSL_CLIENT_M_SERIAL}x and s with varying results.

Why did you try that? Just guessing?

> I've been searching FAQ, Howtos, Access Log Valve reference and
> even some of the javadocs for answer to no avail without direct
> answer, only being able to make guesses how this would work.

The servlet spec 3.0, section 3.8 is titled "SSL Attributes". You
could start there.

If you can't find a standard request attribute that meets your needs,
you could always write a Filter (or Valve, if it's necessary to run
before the AccessLogValve) that puts anything you want into the
request for logging purposes.

-chris
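
The Filter approach suggested in the reply above, as an added example that is not part of the original message or of Tomcat. The class name ClientCertLogFilter and the attribute names cert.serial, cert.cn, cert.o and cert.ou are hypothetical. It assumes the connector requests client certificates and that attributes set in a filter are still on the request when the access log line is written.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.*;

// Added example: hypothetical filter, not shipped with Tomcat.
public class ClientCertLogFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Standard attribute from Servlet 3.0 section 3.8; element 0 is the
        // certificate presented by the client, followed by its issuers.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null && certs.length > 0) {
            X509Certificate cert = certs[0];
            req.setAttribute("cert.serial", cert.getSerialNumber().toString(16));
            try {
                // getName() returns the subject DN in RFC 2253 form.
                LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
                for (Rdn rdn : dn.getRdns()) {
                    String type = rdn.getType().toUpperCase(Locale.ROOT);
                    if (type.equals("CN") || type.equals("O") || type.equals("OU")) {
                        String name = "cert." + type.toLowerCase(Locale.ROOT);
                        String value = clean(String.valueOf(rdn.getValue()));
                        Object prev = req.getAttribute(name);
                        // A DN may carry several OU values; keep all of them.
                        req.setAttribute(name, prev == null ? value : prev + "," + value);
                    }
                }
            } catch (InvalidNameException e) {
                req.setAttribute("cert.cn", "unparseable-dn");
            }
        }
        chain.doFilter(req, res);
    }

    // Subject fields are chosen by whoever requested the certificate, so replace
    // control characters and quotes that could split or forge a log line.
    static String clean(String s) {
        return s.replaceAll("[\\p{Cntrl}\"]", "_");
    }
}
```

With the filter mapped to the protected URLs in web.xml, the values can be referenced from the AccessLogValve pattern as %{cert.serial}r, %{cert.cn}r, %{cert.o}r and %{cert.ou}r.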