Thanks Boyle, your comments were very helpful. I moved the directives inside the SSL VH but this was not enough. Changing the RewriteCond from : RewriteCond %{ENV:SSL_CLIENT_S_DN} (.*) to : RewriteCond %{SSL:SSL_CLIENT_S_DN} (.*) [NC]
solved my problem. Regards, Alpay 2005/10/26, Boyle Owen <[EMAIL PROTECTED]>: > > -----Original Message----- > > From: Alpay Ozturk [mailto:[EMAIL PROTECTED] > > > > RewriteCond %{ENV:SSL_CLIENT_S_DN} (.*) > > RewriteRule .* - [E=FORWARD_CERT:%1] > > RequestHeader add APACHE_CLIENT_CERT_HARD %{FORWARD_CERT}e > > > > After this config, I see from tomcat side that APACHE_CLIENT_CERT_HARD > > is added to http headers but its value is null and I could not find > > anything to overcome this problem. And nothing is written to the log > > file in /home/alpayo/rewrite.log. > > Remember that client data only gets decrypted after the SSL session is > established. That means you can only use such data inside an SSL VH. Is this > where you have these directives? > > If nothing is written to the rewrite log, then probably the RewriteCond is > false. Increase the log level to 9 and maybe it will tell you (I don't know). > > Try adding the %{FORWARD_CERT} to the ordinary logfile to see if it contains > anything (see CustomLog for details). > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > > > > Does anybody have a solution for this? > > > > Thanks and Regards, > > > > Alpay > > > > > > 2005/10/25, Boyle Owen <[EMAIL PROTECTED]>: > > > > -----Original Message----- > > > > From: Alpay Ozturk [mailto:[EMAIL PROTECTED] > > > > Sent: Dienstag, 25. Oktober 2005 09:56 > > > > To: users@httpd.apache.org > > > > Subject: [EMAIL PROTECTED] Pass client certificate thorough > > > > apache to tomcat > > > > > > > > > > > > Hi All, > > > > > > > > I have set up apache and tomcat where ssl requests are handled at > > > > apache and requests are forwarded to tomcat behind. > > Apache is handling > > > > the ssl issues and also requesting a client certificate. > > No problem so > > > > far, server and client certificates are exchanged during > > ssl session > > > > setup. What I need to do is to forward some of the > > information in the > > > > client certificate from apache to tomcat since > > application running on > > > > Tomcat needs this information. Can you guide me where to start? > > > > > > Probably you want to grab the info as environment variables > > in apache and then pass them to Tomcat: See > > > > > > http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25 > > > http://httpd.apache.org/docs/1.3/env.html#using > > > > > > Rgds, > > > Owen Boyle > > > Disclaimer: Any disclaimer attached to this message may be ignored. > > > > > > > > > > > Thanks, > > > > > > > > Alpay > > > > > > > > > > --------------------------------------------------------------------- > > > > The official User-To-User support forum of the Apache HTTP > > > > Server Project. > > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > " from the digest: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > Diese E-mail ist eine private und persönliche > > Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. > > Geschäftstätigkeit der SWX Gruppe. This e-mail is of a > > private and personal nature. It is not related to the > > exchange or business activities of the SWX Group. Le présent > > e-mail est un message privé et personnel, sans rapport avec > > l'activité boursière du Groupe SWX. > > > > > > > > > This message is for the named person's use only. It may > > contain confidential, proprietary or legally privileged > > information. No confidentiality or privilege is waived or > > lost by any mistransmission. If you receive this message in > > error, please notify the sender urgently and then immediately > > delete the message and any copies of it from your system. > > Please also immediately destroy any hardcopies of the > > message. You must not, directly or indirectly, use, disclose, > > distribute, print, or copy any part of this message if you > > are not the intended recipient. The sender's company reserves > > the right to monitor all e-mail communications through their > > networks. Any views expressed in this message are those of > > the individual sender, except where the message states > > otherwise and the sender is authorised to state them to be > > the views of the sender's company. > > > > > > > > --------------------------------------------------------------------- > > > The official User-To-User support forum of the Apache HTTP > > Server Project. > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > " from the digest: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > " from the digest: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen > Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a > private and personal nature. It is not related to the exchange or business > activities of the SWX Group. Le présent e-mail est un message privé et > personnel, sans rapport avec l'activité boursière du Groupe SWX. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]