PKI Authentication

I am working on project and I need to get the value stored in
SSL_CLIENT_S_DN_CN . We have been doing PKI authentication for
sometime
in PHP by getting the value of $_SERVER["SSL_CLIENT_S_DN_CN"] .

Now that I am trying some stuff in Rails I can't seem to get anywhere.
I try to do what you do above and I get a "Bad Request" when I have
SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file. I am able
to
get up and running when I comment it out.

Here is my config:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 28800

SSLMutex "file:/var/run/ssl_mutex"

<VirtualHost *:443>
<Proxy balancer://mongrel_cluster>
BalancerMember http://127.0.0.1:3000
</Proxy>

# General setup for the virtual host
ServerName luther.example.com
ServerAdmin root@example.com
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"

RequestHeader set X_FORWARDED_PROTO 'https'
SSLUserName SSL_CLIENT_S_DN_CN

ProxyPass / balancer://mongrel_cluster/
ProxyPassReverse / balancer://mongrel_cluster/
ProxyPreserveHost ON

#Rewrite the REMOTE_USER env variable into the request header
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . -[E=RU:%1]
RequestHeader add X-FORWARDED-User %{RU}e

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/usr/local/etc/apache22/ssl/luther.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/apache22/ssl/chain.crt"

SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt"
SSLVerifyClient require
SSLVerifyDepth 10

SSLOptions +StdEnvVars +ExportCertData

</VirtualHost>

And in an controller I am just doing:

<p><%= request.env['SSL_CLIENT_S_DN_CN'] %></p>
also tried
<p><%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %></p>

All I get is blank.

Any advice would be MUCH appreciated