Re: DoD ECA PKI
The cert should be available in SSL_CLIENT_CERT. It's PEM encoded (if it's there at all). http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#ssloptions mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/12/21 Chad Baloga : > > Should SSL_CLIENT_CERT appear in the debug info, ie CGI variable, or do you > need to use some sort of function to get it? > >> Assuming that the client cert is used in an SSL negotiation, Try >> SSLOptions +ExportCertData > > > > ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329280 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: DoD ECA PKI
Should SSL_CLIENT_CERT appear in the debug info, ie CGI variable, or do you need to use some sort of function to get it? > Assuming that the client cert is used in an SSL negotiation, Try > SSLOptions +ExportCertData ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329279 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: DoD ECA PKI
Assuming that the client cert is used in an SSL negotiation, Try SSLOptions +ExportCertData mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/12/19 Chad Baloga : > > We are using Apache on our web servers. Do you know what I need to add to my > virtual host in the httpd file? The CGI variables are currently displaying > empty in the browser. > > ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329272 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: DoD ECA PKI
> We are using Apache on our web servers. Do you know what I need to add to my > virtual host in the httpd file? The CGI variables > are currently displaying empty in the browser. I have no experience using client certificates with Apache & CF. Sorry. If you're not seeing the CGI variables, you may have to change and recompile the CF Apache module, I suppose. Alternatively, can you see any info using the getHttpRequestData function? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more informatio ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329263 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: DoD ECA PKI
We are using Apache on our web servers. Do you know what I need to add to my virtual host in the httpd file? The CGI variables are currently displaying empty in the browser. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329261 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: DoD ECA PKI
> Has anyone worked with DoD ECA PKI certs? I want to pull information from > the user's cert to verify who they are. Thanks You can configure IIS to require client certificates, and if they're present, IIS will populate CGI variables using some of the cert values. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329260 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
DoD ECA PKI
Has anyone worked with DoD ECA PKI certs? I want to pull information from the user's cert to verify who they are. Thanks ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329258 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
