Date: Tue, 4 Sep 2001 01:26:15 +0200 (CEST)
From: Christoph Ender
Subject: Re: How to access X509 Certificate?
In-Reply-To: <3B93A88E.48D973BB@fujitsu-siemens.com>

> Christoph Ender wrote:
> > Hey all,
> > I'm trying to access the certificate that the user has sent to
> > authenticate himself. I'm using the Tomcat/Apache combo. Apache correctly
> > exports the Certificate to the "SSL_CLIENT_CERT" environment variable, but
> > when I try to read "javax.servlet.request.X509Certificate", Tomcat always
> > returns null. The list of attributes is always empty.
> > I've uncommented JkHTTPSIndicator HTTPS, JkSESSIONIndicator SSL_SESSION_ID,
> > JkCIPHERIndicator SSL_CIPHER, JkCERTSIndicator SSL_CLIENT_CERT and set
> > JkExtractSSL to On. I'm sure the Ajp13 protocol is used since I've
> > disabled everything else.
> > What am I missing here? Any help greatly appreciated!

On Mon, 3 Sep 2001, jean-frederic clere wrote:

> What code are you using?

If you're referring to versions: Tomcat is version 3.2.2, Apache 1.3.20,
the servlet jar 2.2b.
In case you're referring to how to check for the certificate :-) :

  System.out.println(request.isSecure());
  System.out.println(request.getProtocol());
  System.out.println(request.getScheme());
  System.out.println(request.getServerPort());

  System.out.println("--- start headernames ---");
  enum = request.getHeaderNames();
  while (enum.hasMoreElements())
  {
    thisparameter = (String)enum.nextElement();
    System.out.println(thisparameter);
  }
  System.out.println("--- end headernames --- ");

  System.out.println("--- start attributenames ---");
  enum = request.getAttributeNames();
  while (enum.hasMoreElements())
  {
    thisparameter = (String)enum.nextElement();
    System.out.println(thisparameter);
  }
  System.out.println("--- end attributenames --- ");

  Object o = request.getAttribute("javax.servlet.request.X509Certificate");
  if (o == null)
    System.out.println("request.getAttribute(\"javax.servlet.request.X509Certificate\") == null.");

These lines produce the following output:

  true
  HTTP/1.0
  https
  443
  --- start headernames ---
  accept
  accept-charset
  pragma
  accept-encoding
  host
  accept-language
  connection
  user-agent
  --- end headernames ---
  --- start attributenames ---
  --- end attributenames ---
  request.getAttribute("javax.servlet.request.X509Certificate") == null.

Regards,
Christoph.
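
Added example, not part of the message above and not Tomcat's or mod_jk's own code: a JDK-only helper that normalises whatever request.getAttribute("javax.servlet.request.X509Certificate") returns, so a missing certificate is handled as "no client identity" rather than a crash, plus a parser for PEM text of the kind mod_ssl exports in SSL_CLIENT_CERT. The class and method names are hypothetical, and the single-certificate branch is an assumption about container behaviour.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ClientCertAttribute {
    // Attribute name used in the message above.
    static final String ATTR = "javax.servlet.request.X509Certificate";

    /**
     * Normalises the value of request.getAttribute(ATTR) to a chain.
     * Returns an empty array when no certificate was passed through, so the
     * caller can treat the request as carrying no client identity instead of
     * hitting a NullPointerException or ClassCastException.
     */
    static X509Certificate[] clientChain(Object attr) {
        if (attr instanceof X509Certificate[]) {
            return (X509Certificate[]) attr;          // array of certificates
        }
        if (attr instanceof X509Certificate) {        // assumption: single cert
            return new X509Certificate[] { (X509Certificate) attr };
        }
        return new X509Certificate[0];                // null or unexpected type
    }

    /** Parses PEM text such as the value exported in SSL_CLIENT_CERT. */
    static X509Certificate parsePem(String pem) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    }

    public static void main(String[] args) {
        // Constructed inputs; null mirrors the result reported in the message.
        System.out.println("chain length for null attribute: "
                + clientChain(null).length);
        System.out.println("chain length for wrong type: "
                + clientChain("not a certificate").length);
        try {
            // Constructed, deliberately malformed PEM body.
            parsePem("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n");
        } catch (CertificateException e) {
            System.out.println("malformed PEM rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

In a servlet the call would be clientChain(request.getAttribute(ClientCertAttribute.ATTR)); an empty result means the container did not hand over a client certificate for that request.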