I am working on project and I need to get the value stored in SSL_CLIENT_S_DN_CN . We have been doing PKI authentication for sometime in PHP by getting the value of $_SERVER["SSL_CLIENT_S_DN_CN"] .
Now that I am trying some stuff in Rails I can't seem to get anywhere. I try to do what you do above and I get a "Bad Request" when I have SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file. I am able to get up and running when I comment it out.
Here is my config:
SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)" SSLSessionCacheTimeout 28800
SSLMutex "file:/var/run/ssl_mutex"
<VirtualHost *:443> <Proxy balancer://mongrel_cluster> BalancerMember http://127.0.0.1:3000 </Proxy>
# General setup for the virtual host ServerName luther.example.com ServerAdmin root@example.com ErrorLog "/var/log/httpd-error.log" TransferLog "/var/log/httpd-access.log"
RequestHeader set X_FORWARDED_PROTO 'https' SSLUserName SSL_CLIENT_S_DN_CN
ProxyPass / balancer://mongrel_cluster/ ProxyPassReverse / balancer://mongrel_cluster/ ProxyPreserveHost ON
#Rewrite the REMOTE_USER env variable into the request header RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . -[E=RU:%1] RequestHeader add X-FORWARDED-User %{RU}e
SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/etc/apache22/ssl/luther.crt" SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/privkey.pem" SSLCertificateChainFile "/usr/local/etc/apache22/ssl/chain.crt"
SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt" SSLVerifyClient require SSLVerifyDepth 10
SSLOptions +StdEnvVars +ExportCertData
</VirtualHost>
And in an controller I am just doing:
<p><%= request.env['SSL_CLIENT_S_DN_CN'] %></p> also tried <p><%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %></p>
All I get is blank.
Any advice would be MUCH appreciated
