[ACFUG Discuss] CGI.CERT_SERVER_SUBJECT: IIS vs Apache

Wed, 14 Oct 2009 12:05:05 -0700 

I have run into a problem that I'm assuming there isn't much I can do
about, but I thought I'd ask hoping I am wrong.  The issue I have is that
we are moving a web application from Windows to Unix in the near future. 
I'm very familiar with IIS and Apache, so I didn't expect any show
stopping issues.  I hit one today in what amounts to a test run.  I'm
running Apache 2.2.13 x64 on Windows 2003 x64.  I'm using ColdFusion 8 x64
as well.  I've got a bit of code that needs to execute:

<cfset variables.id = ListLast(CGI.CERT_SUBJECT,".")>
<cfif isnumeric(variables.id)>
  <cfquery name="GetUser" datasource="#session.datasource#">
        Select  blah blah blah
          From  users
         Where  blah = <cfqueryparam value="#variables.id#"
cfsqltype="CF_SQL_NUMERIC">
  </cfquery>
</cfif>

The key here is CGI.CERT_SUBJECT.  Using IIS, we can require client
certificates and the user is prompted for a pin, at which point their
certificate is passed in via headers to the CF code.  Using Apache, I can
also require client certificates, which prompts the user for a pin.  At
this point I would expect to be able to access CGI.CERT_SUBJECT - but it
comes back as empty each time.

I'm hoping there is an Apache guru reading this right now that can help me
figure out how to make Apache pass this information through like IIS does.
Any help I can get on this would be greatly appreciated.  I've found
several online posts / articles that don't help much:

http://koivi.com/apache-iis-php-server-array.php

http://www.mail-archive.com/tomcat-u...@jakarta.apache.org/msg28232.html

I already have these lines in the httpd.conf:

SSLVerifyClient require
SSLVerifyDepth 2
SSLCertificateFile "sitename.crt"
SSLCertificateKeyFile "sitename.key"
SSLCACertificateFile "root-certs.pem"

I can't find anything else online detailing another possible configurable
item I could change in Apache.


-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------

Reply via email to