Posted to users@tomcat.apache.org by Matias Bahlenberg <ma...@itec.se> on 2001/09/21 15:31:13 UTC

SSL environment variables in Tomcat 4.0?

Hi, 

How do I obtain information of the Apache additional environment variables: "SSL_CLIENT_CERT" and "SSL_SERVER_CERT" in Tomcat 4.0?

I am using Tomcat 4.0 (final release) as servlet-container, connected via mod_webapp (WarpConnector) to Apache Web Server 1.3.19.

The Apache Server is configured to handle all SSL, with a secure virtual host on port 443.

In the httpd.conf there is an SSL option, which allows Apache and external connectors, such as JRun and Tomcat, to get information about client and server certificates: 

        SSLOptions +ExportCertData +CompatEnvVars +StrictRequire

Everything works fine, the double authentication works fine, but I do not get any information of the client certificate via Tomcat 4.0. 
To obtain the client certificate information, I use the following code: 

        java.security.cert.X509Certificate certApache = null;
        String certData = request.getHeader("SSL_CLIENT_CERT");
        if(certData!=null) {
            ByteArrayInputStream inStream  = new ByteArrayInputStream(certData.getBytes());
            java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
            certApache = (java.security.cert.X509Certificate)cf.generateCertificate(inStream);
            inStream.close();
        }

        if(certApache!=null) {
            certSubject      = certApache.getSubjectDN().getName();
            certIssuer       = certApache.getIssuerDN().getName();
            certSerialNumber = certApache.getSerialNumber().toString();
        }

I have also tried the above code with Apache-JRun, and it works fine.

Does anyone know if the connector mod_webapp supports the additional environment variables?
- If so...how?
- If not...is there another connector, which supports SSL variables? Can mod_jk be used as a connector between Apache 1.3.* and Tomcat 4.0?

Matias


Re: SSL environment variables in Tomcat 4.0?

Posted by jean-frederic clere <jf...@fujitsu-siemens.com>.
Matias Bahlenberg wrote:
> 
> Hi,
> 
> How do I obtain information of the Apache additional environment variables: "SSL_CLIENT_CERT" and "SSL_SERVER_CERT" in Tomcat 4.0?
> 
> I am using Tomcat 4.0 (final release) as servlet-container, connected via mod_webapp (WarpConnector) to Apache Web Server 1.3.19.
> 
> The Apache Server is configured to handle all SSL, with a secure virtual host on port 443.
> 
> In the httpd.conf there is an SSL option, which allows Apache and external connectors, such as JRun and Tomcat, to get information about client and server certificates:
> 
>         SSLOptions +ExportCertData +CompatEnvVars +StrictRequire
> 
> Everything works fine, the double authentication works fine, but I do not get any information of the client certificate via Tomcat 4.0.
> To obtain the client certificate information, I use the following code:
> 
>         java.security.cert.X509Certificate certApache = null;
>         String certData = request.getHeader("SSL_CLIENT_CERT");
>         if(certData!=null) {
>             ByteArrayInputStream inStream  = new ByteArrayInputStream(certData.getBytes());
>             java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
>             certApache = (java.security.cert.X509Certificate)cf.generateCertificate(inStream);
>             inStream.close();
>         }
> 
>         if(certApache!=null) {
>             certSubject      = certApache.getSubjectDN().getName();
>             certIssuer       = certApache.getIssuerDN().getName();
>             certSerialNumber = certApache.getSerialNumber().toString();
>         }
> 
> I have also tried the above code with Apache-JRun, and it works fine.
> 
> Does anyone know if the connector mod_webapp supports the additional environment variables?
> - If so...how?
> - If not...is there another connector, which supports SSL variables? Can mod_jk be used as a connector between Apache 1.3.* and Tomcat 4.0?

Just take the mod_jk from jakarta-tomcat-connectors (using cvs).

I have added the following in httpd.conf for mod_ssl:
+++
<Location /examples>
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars +ExportCertData
</Location>
+++

The certificate is not a String but an X509Certificate[] (array of certificates).

> 
> Matias