Thanks for sharing. That was certainly tricky. Just want to make sure
everyone knows that this list is archived at
http://www.mail-archive.com/discussion@acfug.org/
John
ma...@fusionlink.com
Mike Staver wrote:
After hours of trial and error today, I've managed to solve my own
problem. That first URL I provided below that details the server
variables used by some PHP programmers is correct. Rather than using
CGI.CERT_SUBJECT, I have to use CGI.SSL_CLIENT_S_DN_CN to accomplish the
same thing. The output is very similar. The real issue I have is that it
is not showing up in a dump of the CGI scope, so it took some time to find
what I needed. Further, Apache and mod_ssl don't output this info by
default, depending on your choice of apache version and installer of
course. I had to add this line to my SSL config:
SSLOptions +ExportCertData +StdEnvVars
I hope this saves someone else time in the future trying to figure that out.
I have run into a problem that I'm assuming there isn't much I can do
about, but I thought I'd ask hoping I am wrong. The issue I have is that
we are moving a web application from Windows to Unix in the near future.
I'm very familiar with IIS and Apache, so I didn't expect any show
stopping issues. I hit one today in what amounts to a test run. I'm
running Apache 2.2.13 x64 on Windows 2003 x64. I'm using ColdFusion 8 x64
as well. I've got a bit of code that needs to execute:
<cfset variables.id = ListLast(CGI.CERT_SUBJECT,".")>
<cfif isnumeric(variables.id)>
<cfquery name="GetUser" datasource="#session.datasource#">
Select blah blah blah
From users
Where blah = <cfqueryparam value="#variables.id#"
cfsqltype="CF_SQL_NUMERIC">
</cfquery>
</cfif>
The key here is CGI.CERT_SUBJECT. Using IIS, we can require client
certificates and the user is prompted for a pin, at which point their
certificate is passed in via headers to the CF code. Using Apache, I can
also require client certificates, which prompts the user for a pin. At
this point I would expect to be able to access CGI.CERT_SUBJECT - but it
comes back as empty each time.
I'm hoping there is an Apache guru reading this right now that can help me
figure out how to make Apache pass this information through like IIS does.
Any help I can get on this would be greatly appreciated. I've found
several online posts / articles that don't help much:
http://koivi.com/apache-iis-php-server-array.php
http://www.mail-archive.com/tomcat-u...@jakarta.apache.org/msg28232.html
I already have these lines in the httpd.conf:
SSLVerifyClient require
SSLVerifyDepth 2
SSLCertificateFile "sitename.crt"
SSLCertificateKeyFile "sitename.key"
SSLCACertificateFile "root-certs.pem"
I can't find anything else online detailing another possible configurable
item I could change in Apache.
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
