Hi everybody, Currently I'm developing a servlet that validates with our OCSP service a user certificate received from Apache v1.3.29 (with mod_ssl v2.8.16 and ajp13 workers), but the problem is that I need to extract some data about the correspondent client certificate chain to build the OCSP request and I've not been able to obtain this from Tomcat v4.1.30 (with mod_jk v1.2) all under Linux. I'm pretty sure that it's not a configuration problem because my servlet is already retrieving additional information from mod_jk (i.e. the client certificate, cipher, protocol and other SSL_ environment variables from Apache/mod_ssl).
Anyway, in mod_jk I've tried the following directives: JkEnvVar SSL_CLIENT_CERT_CHAIN_0 SSL_CLIENT_CERT_CHAIN_0 JkEnvVar SSL_CLIENT_CERT_CHAIN_1 SSL_CLIENT_CERT_CHAIN_1 . . etc An then from my Java servlet: String chain0 = (String) request.getAttribute("SSL_CLIENT_CERT_CHAIN_0"); // Also tried it like an X509Certificate object // Variable chain0 appears equal to the string "SSL_CLIENT_CERT_CHAIN_0" X509Certificate[] cert =(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certific ate"); // Only getting one certificate in the array, the correspondent to the SSL client // No certificates from the chain Finally, I've been browsing trough some emails on this list that talk about performance issues with the cert chain extraction so I don´t know if this feature may be unavailable or something like this. Thank you in advance for your help, best regards _______________________ Jesus Luna Garcia CertiVeR (U.E. Funded Project) [EMAIL PROTECTED] http://www.certiver.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]