Forwarding SSL environment when using http/https proxy:
The variables supported by the servlet interface are the following:
javax.servlet.request.X509Certificate
javax.servlet.request.cipher_suite
javax.servlet.request.ssl_session
javax.servlet.request.key_size
To get the client certificate or any other SSL information from the browser, you have to use mod_headers to copy the SSL information into request headers. To do that, add the following to the httpd.conf of Apache httpd:
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s"
RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s"
RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s"
Then you need a valve in Tomcat to extract the information from the request Headers.
See http://anonsvn.jboss.org/repos/jbossweb/sandbox/valves/ (the original code).
The valve has been integrated in Tomcat and in JBossWeb (since 2007).
Once you have built valves.jar, copy it to server/lib/ and edit server.xml to add:
<Valve className="SSLValve"/>
in the <Engine/> part of the file.
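What the valve has to do with the SSL_CLIENT_CERT header, as an added example (not the SSLValve source or any code from this page): the PEM text arrives with its line breaks turned into spaces, and an unset variable arrives as the literal string "(null)". The class and method names below are hypothetical, and the sample bytes are constructed, not a real certificate.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;

// Added example: decoding a forwarded SSL_CLIENT_CERT header on the backend.
public class ForwardedCertDemo {
    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";

    // Returns the DER bytes carried in the header, or null when no certificate was sent.
    static byte[] headerToDer(String header) {
        // An unset SSL variable is forwarded as the text "(null)".
        if (header == null || header.isEmpty() || "(null)".equals(header)) return null;
        String v = header.trim();
        if (!v.startsWith(BEGIN) || !v.endsWith(END)
                || v.length() < BEGIN.length() + END.length()) {
            throw new IllegalArgumentException("header is not a PEM certificate");
        }
        // Line breaks of the PEM body arrive as spaces: strip all whitespace, then decode.
        String body = v.substring(BEGIN.length(), v.length() - END.length());
        return Base64.getDecoder().decode(body.replaceAll("\\s+", ""));
    }

    // Builds the array a servlet reads from javax.servlet.request.X509Certificate.
    static X509Certificate[] headerToChain(String header) throws CertificateException {
        byte[] der = headerToDer(header);
        if (der == null) return null;
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return new X509Certificate[] {
            (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)) };
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: arbitrary bytes standing in for DER, not a real certificate.
        byte[] fake = "constructed-sample-not-a-real-certificate"
                .getBytes(StandardCharsets.US_ASCII);
        String b64 = Base64.getMimeEncoder(16, new byte[] {'\n'}).encodeToString(fake);
        String pem = BEGIN + "\n" + b64 + "\n" + END + "\n";
        String flattened = pem.replace('\n', ' ');  // the form the backend receives
        System.out.println("round trip ok: " + Arrays.equals(fake, headerToDer(flattened)));
        System.out.println("absent cert -> null: " + (headerToDer("(null)") == null));
        // Pass a real forwarded header value as the first argument to parse it fully.
        X509Certificate[] chain = args.length > 0 ? headerToChain(args[0]) : null;
        if (chain != null) System.out.println(chain[0].getSubjectX500Principal());
    }
}
```

These headers are trustworthy only because httpd overwrites them with `RequestHeader set` on every request, so the Tomcat connector should be reachable only from the proxy and never directly by clients.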