httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bobb, Kirth Andre (US - Arlington)" <kb...@deloitte.com>
Subject RE: [users@httpd] Possible to add edited version of SSL_CLIENT_CERT variable to request header?
Date Thu, 05 Apr 2012 20:22:26 GMT
Igor,
Just out of curiosity. Are you using other .pem files in other <location> blocks?

-----Original Message-----
From: ohaya@cox.net [mailto:ohaya@cox.net] 
Sent: Thursday, April 05, 2012 9:07 AM
To: users@httpd.apache.org
Cc: Igor Cicimov
Subject: Re: [users@httpd] Possible to add edited version of SSL_CLIENT_CERT variable to request
header?

Igor,

The backend (Weblogic) won't accept/parse it.  I am sure, because in one test I did, I had
a RequestHeader with a canned PEM string, without them, and that worked.

Jim


---- Igor Cicimov <icicimov@gmail.com> wrote: 
> Those lines are part of the PEM certificate without them the cert is not
> valid. What is the problem on the backend side with this?
> 
> 
> On Thu, Apr 5, 2012 at 8:27 AM, <ohaya@cox.net> wrote:
> 
> > Hi,
> >
> > I am using Apache (2.2.x) as a proxy.  The Apache is enabled for
> > 2-way/client-authenticated SSL.
> >
> > In one situation (in a specific <Location> section), I need to be able to
> > pass the PEM of the client certificate to the proxied server, with a
> > specific HTTP header name.
> >
> > I've actually been able to pass the raw PEM as an HTTP header using just
> > the RequestHeader directive:
> >
> > RequestHeader    set   "my_ssl_client_cert"    "%{SSL_CLIENT_CERT}e"
> >
> > But, that raw PEM has the "-----BEGIN CERTIFICATE-----" and "-----END
> > CERTIFICATE-----" strings before and after the actual certificate PEM.
> >
> > I've been trying to figure out how to get just the certificate PEM into
> > the HTTP header for awhile, mostly using SetEnvIfNoCase, but when I try
> > that, I always end  up with an empty string or null in the header.
> >
> > Given that I seem to be able to get the PEM from the SSL_CLIENT_CERT
> > envvar, it seems like there SHOULD be a way to get that into a request
> > header, but I haven't been able to do that yet, and am truly stumped, so I
> > was hoping that someone here might know how to do that?
> >
> > Thanks in advance,
> > Jim
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Mime
View raw message