堆栈内存溢出
  简体   繁体   English

Java从Apache标头接收证书%{SSL_CLIENT_S_DN}

[英]Java receiving certificate %{SSL_CLIENT_S_DN} from Apache headers

 原文  2013-12-31 08:31:52       java/ ssl/ certificate/ smartcard/ apache2.2

问题描述

I'm using Apache as reverse/proxy server. 我正在使用Apache作为反向/代理服务器。 I've configured Apache 2.2 to require client certificate based authentication and I'm sending information of the certificate from Apache like this: 我已经将Apache 2.2配置为要求基于客户端证书的身份验证,并且我正在从Apache发送证书信息,如下所示: 

SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1

SSLOptions +StdEnvVars +StrictRequire +ExportCertData

RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

I would like to receive those successfully to Java side.. 我想成功地将这些接收到Java端。

I can see that those headers working fine, from Apache log file, but I'm still wondering how to receive those wanted headers to backend side. 我可以从Apache日志文件中看到这些标头工作正常,但是我仍然想知道如何将那些想要的标头接收到后端。 I'm using java se request.getHeaderNames() method and I can see headers from current page, but not those desired ones. 我正在使用java se request.getHeaderNames()方法,可以看到当前页面的标题,但看不到那些想要的标题。 I'm using ajp to receive headers from Apache.. 我正在使用ajp从Apache接收标头。

The SSL handshake is made so many times and I can see many different headers from the log even "referred" by the same page.. Is it possible to save those specific headers somehow to session/stickysession so those would be readable since then when desired..? SSL握手已经进行了很多次,我甚至可以从同一页面“引用”的日志中看到许多不同的标头。是否可以将这些特定标头保存到会话/粘性会话中,以便从那时起便可以读取它们了..?

2 个解决方案

解决方案1
 1  2015-07-23 12:12:04

You have to change: 您必须更改: 

RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

By: 通过: 

RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set X-Client-Verify "%{SSL_CLIENT_VERIFY}s"

解决方案2
 0  2016-03-01 07:47:13

Right answer was to set: 正确的答案是:

Header echo ^X-Client 标头echo ^ X-Client

To get desired headers to application (copies everything starting with "X-Client" from request headers to response headers) 要获得所需的应用程序标头(将所有以“ X-Client”开头的内容从请求标头复制到响应标头)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将Apache JKEnvVar SSL_CLIENT_DN从mod_ssl输出到Java,JavaScript或html? - How to out.println Apache JKEnvVar SSL_CLIENT_DN from mod_ssl to java, javascript or html? 是否可以在 Apache Kafka Java 客户端中禁用 SSL 证书验证? - Is it possible to disable SSL certificate verification in Apache Kafka Java client? 在tomcat中获取客户端证书DN - Get client certificate DN in tomcat 在 Java 中选择 SSL 客户端证书 - Choosing SSL client certificate in Java 在 Java 客户端接受服务器的自签名 ssl 证书 - Accept server's self-signed ssl certificate in Java client Apache Http 客户端 SSL 证书错误 - Apache Http Client SSL certificate error Java SSL握手失败-没有客户端证书 - Java SSL handshake failure - no client certificate 带有SSL身份验证的Java SOAP客户端:错误证书 - Java SOAP Client with SSL authentication : bad certificate Java Jersey不发送ssl客户端证书 - Java Jersey not sending ssl client certificate 使用Java客户端进行SSL证书验证 - SSL certificate validation using Java client
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM