Thanks Boyle, your comments were very helpful.

I moved the directives inside the SSL VH but this was not enough.
Changing the RewriteCond
from:
RewriteCond %{ENV:SSL_CLIENT_S_DN}    (.*)
to:
RewriteCond %{SSL:SSL_CLIENT_S_DN}    (.*) [NC]

solved my problem.

Regards,

Alpay

2005/10/26, Boyle Owen <[EMAIL PROTECTED]>:
> > -----Original Message-----
> > From: Alpay Ozturk [mailto:[EMAIL PROTECTED]
> >
> > RewriteCond %{ENV:SSL_CLIENT_S_DN}    (.*)
> > RewriteRule .* - [E=FORWARD_CERT:%1]
> > RequestHeader add APACHE_CLIENT_CERT_HARD %{FORWARD_CERT}e
> >
> > After this config, I see from tomcat side that APACHE_CLIENT_CERT_HARD
> > is added to http headers  but its value is null and I could not find
> > anything to overcome this problem. And nothing is written to the log
> > file in /home/alpayo/rewrite.log.
>
> Remember that client data only gets decrypted after the SSL session is 
> established. That means you can only use such data inside an SSL VH. Is this 
> where you have these directives?
>
> If nothing is written to the rewrite log, then probably the RewriteCond is 
> false. Increase the log level to 9 and maybe it will tell you (I don't know).
>
> Try adding the %{FORWARD_CERT} to the ordinary logfile to see if it contains 
> anything (see CustomLog for details).
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> >
> > Does anybody have a solution for this?
> >
> > Thanks and Regards,
> >
> > Alpay
> >
> >
> > 2005/10/25, Boyle Owen <[EMAIL PROTECTED]>:
> > > > -----Original Message-----
> > > > From: Alpay Ozturk [mailto:[EMAIL PROTECTED]
> > > > Sent: Tuesday, 25 October 2005 09:56
> > > > To: users@httpd.apache.org
> > > > Subject: [EMAIL PROTECTED] Pass client certificate through
> > > > apache to tomcat
> > > >
> > > >
> > > > Hi All,
> > > >
> > > >  I have set up apache and tomcat where ssl requests are handled at
> > > > apache and requests are forwarded to tomcat behind. Apache is handling
> > > > the ssl issues and also requesting a client certificate. No problem so
> > > > far, server and client certificates are exchanged during ssl session
> > > > setup. What I need to do is to forward some of the information in the
> > > > client certificate from apache to tomcat since application running on
> > > > Tomcat needs this information. Can you guide me where to start?
> > >
> > > Probably you want to grab the info as environment variables
> > > in apache and then pass them to Tomcat: See
> > >
> > > http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25
> > > http://httpd.apache.org/docs/1.3/env.html#using
> > >
> > > Rgds,
> > > Owen Boyle
> > > Disclaimer: Any disclaimer attached to this message may be ignored.
> > >
> > > >
> > > >  Thanks,
> > > >
> > > >  Alpay
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP
> > > > Server Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > >    "   from the digest: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > > This e-mail is of a private and personal nature. It is not related to
> > > the exchange or business activities of the SWX Group.
> > >
> > >
> > > This message is for the named person's use only. It may contain
> > > confidential, proprietary or legally privileged information. No
> > > confidentiality or privilege is waived or lost by any mistransmission.
> > > If you receive this message in error, please notify the sender urgently
> > > and then immediately delete the message and any copies of it from your
> > > system. Please also immediately destroy any hardcopies of the message.
> > > You must not, directly or indirectly, use, disclose, distribute, print,
> > > or copy any part of this message if you are not the intended recipient.
> > > The sender's company reserves the right to monitor all e-mail
> > > communications through their networks. Any views expressed in this
> > > message are those of the individual sender, except where the message
> > > states otherwise and the sender is authorised to state them to be the
> > > views of the sender's company.
> > >
> > >
> >
> >
>
>
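
The working setup from this thread, written out as an added example (not taken from the original messages): the SSL virtual host with the corrected RewriteCond, plus clearing any client-supplied copy of the header before it is set from the verified certificate. The certificate paths, the mod_proxy lines and the backend address are assumptions; the thread does not say how requests reach Tomcat.

```apache
# Added example; paths and the backend URL are placeholders (assumptions).
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Request a client certificate and verify it against this CA.
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    RewriteEngine on

    # Before (from the thread): ENV: reads the request environment, which
    # did not hold the DN when the rule ran, so the header arrived as null.
    #RewriteCond %{ENV:SSL_CLIENT_S_DN} (.*)

    # After (from the thread): SSL: asks mod_ssl for the value directly.
    # (.+) instead of (.*) so the rule fires only when a DN is present.
    RewriteCond %{SSL:SSL_CLIENT_S_DN} (.+)
    RewriteRule .* - [E=FORWARD_CERT:%1]

    # Remove any APACHE_CLIENT_CERT_HARD header sent by the client, then
    # set it from the verified certificate. "set" replaces where "add"
    # would append; env= skips the header when the variable is not defined.
    RequestHeader unset APACHE_CLIENT_CERT_HARD
    RequestHeader set   APACHE_CLIENT_CERT_HARD %{FORWARD_CERT}e env=FORWARD_CERT

    # Assumed transport to Tomcat (mod_proxy); not stated in the thread.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Tomcat can rely on this header only if its connector accepts connections from the Apache host alone.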
