tomcat-users mailing list archives

From jean-frederic clere <jfrederic.cl...@fujitsu-siemens.com>
Subject Re: SSL environment variables in Tomcat 4.0?
Date Fri, 21 Sep 2001 16:40:01 GMT
Matias Bahlenberg wrote:
> 
> Hi,
> 
> How do I obtain information of the Apache additional environment variables: "SSL_CLIENT_CERT" and "SSL_SERVER_CERT" in Tomcat 4.0?
> 
> I am using Tomcat 4.0 (final release) as servlet-container, connected via mod_webapp (WarpConnector) to Apache Web Server 1.3.19.
> 
> The Apache Server is configured to handle all SSL, with a secure virtual host on port 443.
> 
> In the httpd.conf there is an SSL option, which allows Apache and external connectors, such as JRun and Tomcat, to get information about client and server certificates:
> 
>         SSLOptions +ExportCertData +CompatEnvVars +StrictRequire
> 
> Everything works fine, the double authentication works fine, but I do not get any information of the client certificate via Tomcat 4.0.
> To obtain the client certificate information, I use the following code:
> 
>         java.security.cert.X509Certificate certApache = null;
>         String certData = request.getHeader("SSL_CLIENT_CERT");
>         if(certData!=null) {
>             ByteArrayInputStream inStream  = new ByteArrayInputStream(certData.getBytes());
>             java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
>             certApache = (java.security.cert.X509Certificate)cf.generateCertificate(inStream);
>             inStream.close();
>         }
> 
>         if(certApache!=null) {
>             certSubject      = certApache.getSubjectDN().getName();
>             certIssuer       = certApache.getIssuerDN().getName();
>             certSerialNumber = certApache.getSerialNumber().toString();
>         }
> 
> I have also tried the above code with Apache-JRun, and it works fine.
> 
> Does anyone know if the connector mod_webapp supports the additional environment variables?
> - If so...how?
> - If not...is there another connector, which supports SSL variables? Can mod_jk be used as a connector between Apache 1.3.* and Tomcat 4.0?

Just take the mod_jk from jakarta-tomcat-connectors (using cvs).

I have added the following in httpd.conf for mod_ssl:
+++
<Location /examples>
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars +ExportCertData
</Location>
+++

The certificate is not a String but X509Certificate [] (array of certificates).

> 
> Matias
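
The reply above says the certificate reaches the servlet as an `X509Certificate[]` rather than a String. The following servlet is an added example, not code from the original message or from the Tomcat project; it assumes the connector publishes the chain under the Servlet specification's request attribute `javax.servlet.request.X509Certificate`, and the class name `ClientCertServlet` is hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; deploy it under /examples, the location protected in httpd.conf above.
public class ClientCertServlet extends HttpServlet {

    // Attribute name defined by the Servlet specification for the client certificate chain.
    // Assumption: the connector in use populates it.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    // Returns the client's own certificate, or null if no usable chain was forwarded.
    static X509Certificate leafCertificate(Object attr) {
        if (!(attr instanceof X509Certificate[])) {
            return null; // attribute absent, or not the expected type
        }
        X509Certificate[] chain = (X509Certificate[]) attr;
        // The chain is ordered by ascending trust: element 0 is the client certificate.
        return chain.length > 0 ? chain[0] : null;
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Read the connector-supplied attribute, not getHeader(): request headers
        // are client-controlled, request attributes are set by the container.
        X509Certificate cert = leafCertificate(request.getAttribute(CERT_ATTR));

        response.setContentType("text/plain");
        if (cert == null) {
            // Fail closed when the front end did not pass a certificate through.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.getWriter().println("No client certificate was passed to the servlet container.");
            return;
        }
        PrintWriter out = response.getWriter();
        out.println("Subject: " + cert.getSubjectDN().getName());
        out.println("Issuer:  " + cert.getIssuerDN().getName());
        out.println("Serial:  " + cert.getSerialNumber().toString());
    }
}
```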
