tomcat-users mailing list archives

From "Matias Bahlenberg" <matias.bahlenb...@itec.se>
Subject SSL environment variables in Tomcat 4.0?
Date Fri, 21 Sep 2001 13:31:13 GMT
Hi, 

How do I obtain information of the Apache additional environment variables: "SSL_CLIENT_CERT"
and "SSL_SERVER_CERT" in Tomcat 4.0?

I am using Tomcat 4.0 (final release) as servlet-container, connected via mod_webapp (WarpConnector)
to Apache Web Server 1.3.19.

The Apache Server is configured to handle all SSL, with a secure virtual host on port 443.

In the httpd.conf there is an SSL option, which allows Apache and external connectors, such
as JRun and Tomcat, to get information about client and server certificates: 

        SSLOptions +ExportCertData +CompatEnvVars +StrictRequire

Everything works fine, the double authentication works fine, but I do not get any information
of the client certificate via Tomcat 4.0. 
To obtain the client certificate information, I use the following code: 

        // Values extracted from the client certificate
        String certSubject = null, certIssuer = null, certSerialNumber = null;

        java.security.cert.X509Certificate certApache = null;
        // PEM certificate text that mod_ssl exports with +ExportCertData
        String certData = request.getHeader("SSL_CLIENT_CERT");
        if (certData != null) {
            java.io.ByteArrayInputStream inStream = new java.io.ByteArrayInputStream(certData.getBytes());
            java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
            certApache = (java.security.cert.X509Certificate) cf.generateCertificate(inStream);
            inStream.close();
        }

        if (certApache != null) {
            certSubject      = certApache.getSubjectDN().getName();
            certIssuer       = certApache.getIssuerDN().getName();
            certSerialNumber = certApache.getSerialNumber().toString();
        }

I have also tried the above code with Apache-JRun, and it works fine.

Does anyone know if the connector mod_webapp supports the additional environment variables?
- If so...how?
- If not...is there another connector, which supports SSL variables? Can mod_jk be used as
a connector between Apache 1.3.* and Tomcat 4.0?

Matias
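
An added example, not part of the original message or of Tomcat's code: one way to read the client certificate in a servlet, first from the Servlet 2.3 request attribute `javax.servlet.request.X509Certificate` and then from the PEM text in `SSL_CLIENT_CERT`. The class and method names are hypothetical, it is written for a current JDK, and it assumes that the connector populates one of the two sources and that PEM line breaks may be altered in transit.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ClientCertReader {   // hypothetical helper, not a Tomcat class
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";

    /**
     * attr:   request.getAttribute("javax.servlet.request.X509Certificate")
     * header: request.getHeader("SSL_CLIENT_CERT"), the PEM text exported by mod_ssl.
     *         A header is client-controllable unless Apache overwrites it, so only
     *         rely on it when the front end is known to set or strip it.
     * Returns the client certificate, or null if neither source carries one.
     */
    public static X509Certificate read(Object attr, String header) throws CertificateException {
        // Servlet 2.3 attribute: set by the container when it knows the client chain.
        if (attr instanceof X509Certificate[] && ((X509Certificate[]) attr).length > 0) {
            return ((X509Certificate[]) attr)[0];
        }
        if (header == null || header.trim().isEmpty()) return null;
        byte[] pem = normalizePem(header).getBytes(StandardCharsets.US_ASCII);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pem));
        cert.checkValidity(); // reject expired or not-yet-valid certificates
        return cert;
    }

    /** Rebuilds PEM whose line breaks were lost or turned into spaces in transit. */
    static String normalizePem(String value) throws CertificateException {
        int b = value.indexOf(BEGIN), e = value.indexOf(END);
        if (b < 0 || e < b) throw new CertificateException("no PEM certificate block");
        String body = value.substring(b + BEGIN.length(), e).replaceAll("\\s+", "");
        StringBuilder out = new StringBuilder(BEGIN).append('\n');
        for (int i = 0; i < body.length(); i += 64) {
            out.append(body, i, Math.min(i + 64, body.length())).append('\n');
        }
        return out.append(END).append('\n').toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a space-folded block with a placeholder body (not a real certificate).
        String folded = BEGIN + " QUJD REVG " + END;
        System.out.print(normalizePem(folded));
        System.out.println(read(null, null)); // neither source carries a certificate
    }
}
```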

