httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matias Visbeek <matias.visb...@vatrox.com>
Subject [users@httpd] Remove carriage returns from certificate
Date Thu, 30 Jul 2015 14:39:24 GMT
Hi,

I'm using the following architecture

Client > Apache HTTP Server > OHS > WLS

Where OHS stands for Oracle Http Server and WLS stands for Oracle Weblogic
Application Server.

Using HTTPS, I've stablished a 2 way SSL configuration for all the segments
in the connection.
WLS uses an specific header called WL-Proxy-Client-Cert which contains the
client certificate encoded in Base64 and then maps one of the DN attributes
to a user for authentication. This is solved in OHS by the use of Weblogic
Plugin wich adds this specific header to the request when setting
SSLOptions +ExportCertData.

This works fine when using the following Client > OHS > WLS. The original
client certificate is passed to Weblogic. But when we add the Apache HTTP
Server, this information needs to be passed manually using RequestHeader
add WL-Proxy-Client-Cert "%{SSL_CLIENT_CERT}s". The thing is that this adds
the Base64 Certificate adding -----BEGIN CERTIFICATE----- -----END
CERTIFICATE----- and various carriage returns (I assume this is due to
OpenSSL) but Weblogic doesn't recognize and requires the Base64 encoding in
just one line without any additional caracters at the begining and the end.

Is there a way to achieve this one line Base 64 certificate? Do I need to
change any configuration? I tried to look for a way of striping those
caracters inside the httpd.conf file but found nothing. Any workaround
suggestion?

Thanks in advance.

Matías Visbeek

Mime
View raw message