How to Get Client Certificate after HTTPS Authentication

How to Get Client Certificate after HTTPS Authentication

Post by Joyc » Mon, 02 Oct 2000 15:21:22



Dear all,

In HTTP SSL authentication, client sucessfully hands on his/her valid
certificate to server. How can server retrieve content of the certificate
( Environment: OpenSSL + Tomcat in NT ) ?

In Apache httpd.conf file,
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

I try to get the Certificate content by 3 ways. They are returned null.
(1) Get attribute of javax.net.ssl.cipher_suite, and
javax.net.ssl.peer_certificates.

String cipherSuite = (String)
request.getAttribute("javax.net.ssl.cipher_suite");
X509Cert certChain [] = (X509Cert []) request.getAttribute
("javax.net.ssl.peer_certificates");

(2) Get Certificate by calling getUserPrincipal().
java.security.Principal pl = request.getUserPrincipal();

(3) Get value by passing header "SSL_CLIENT_CERT".
String sl = request.getHeader("SSL_CLIENT_CERT");

Please tell me what's wrong (server setting or program code) ?
You are highly appreciated to give me an example.

Best Regards,
Joyce

 
 
 

1. Apache 2.0.39 + ssl + ldap with client certificate authentication

Dear group,
Has anybody tried doing ldap client certificate authentication for an apache
2.0.39 ssl server ?

Our environment is :
RedHat linux 7.1 kernel 2.4.x
apache 2.0.39 (inc. mod_ssl)
openssl-engine-0.9.6g
openldap (on a different redhat linux server)

The apache website has a verisign server certificate, a self-signed CA
certificate and all clients have
certificates in the ldap server signed by this CA.

When clients present their certificate to browse the Apache secure site,
Apache should check the
existence of their certificate in the LDAP server and also the validity of
the contents of the certificate presented.

Kindly provide some direction to any solution or resources related to this
issue.

Any help would be highly appreciated.

TIA
Sarath

2. Good nite Edwin

3. Apache with SSL Client Authentication; per-directory access based upon DN in certificates

4. Debian SID and slmodem with Amilo L730

5. More secure password based HTTP client authentication?

6. FTP programming question

7. SSH Remote access Always getting: Disconnected; authentication error (No further authentication methods available).

8. Apache: forcing frames

9. Client ->(HTTPS) -> Proxy -> (HTTP) -> Server

10. certificates for HTTPS

11. Problem with Certificate Authentication

12. Load balanced HTTPS servers ... single or multiple server certificates ?

13. ipsec certificate authentication fails