1 Reply Latest reply on Jan 23, 2008 4:56 PM by Rafael Rossetto

    Why unable to get client certificate serial number?

    LIM BY Newbie

      I am using mod_jk 1.2 with JBoss bundle and Apache2.
      I am following the instructions from the JBoss wiki http://www.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBoss, and it works.
      However, the problem I have now is that I am not able to get the Client Cert's serial number from my Java code. It returns "Object was null".

      My code
      ----------------------------------
      import java.math.BigInteger;
      import java.security.cert.X509Certificate;

      Object o = request.getAttribute("javax.servlet.request.X509Certificate");
      if (o != null) {
          X509Certificate[] certs = (X509Certificate[]) o;
          X509Certificate cert = certs[0];

          // Get the serial number of the digital cert. Keep it as a BigInteger:
          // intValue() would truncate serials that do not fit in 32 bits.
          BigInteger serialNumBig = cert.getSerialNumber();
          System.out.println("Serial Number: " + serialNumBig);
      } else {
          System.out.println("Object was null.");
      }
      -----------------------------------

      I tried enabling SSL in JBoss directly, without linking it to Apache2. Then it is able to get the Client Cert's serial number.

      May I know which part I have missed? Is anybody able to give me some advice?

      Thank you.

        • 1. Re: Why unable to get client certificate serial number?
          Rafael Rossetto Newbie

          Hi,

          I'm having the same issue. How did you solve it? I can't figure out how to set up Apache mod_jk + ajp13 + client cert chain.

          Looking in the mod_jk.log in debug mode, I have the following log.
          The interesting thing is that mod_jk doesn't send the whole certificate; it seems to truncate it.

          Why does mod_jk do it? Is it misconfigured?

          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] uri_worker_map_update::jk_uri_worker_map.c (786): File /etc/httpd/conf/uriworkermap.properties is not modified
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] map_uri_to_worker::jk_uri_worker_map.c (678): Found session identifier ';jsessionid=rkx1vvqyIC4B9H24XVEogA**.node1' in url '/consignacao/inicial.do;jsessionid=rkx1vvqyIC4B9H24XVEogA**.node1'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] map_uri_to_worker::jk_uri_worker_map.c (682): Attempting to map URI '/consignacao/inicial.do' from 10 maps
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/internet_base/*=loadbalancer' source 'uriworkermap'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/jmx-console/*=loadbalancer' source 'uriworkermap'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/web-console/*=loadbalancer' source 'uriworkermap'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/consignacao/*=loadbalancer' source 'uriworkermap'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] find_match::jk_uri_worker_map.c (516): Found a wildchar match '/consignacao/*=loadbalancer'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_handler::mod_jk.c (2222): Into handler jakarta-servlet worker=loadbalancer r->proxyreq=0
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] wc_get_worker_for_name::jk_worker.c (115): found a worker loadbalancer
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] wc_maintain::jk_worker.c (323): Maintaining worker loadbalancer
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] maintain_workers::jk_lb_worker.c (556): decay with 2^95
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] wc_get_name_for_type::jk_worker.c (292): Found worker type 'lb'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] init_ws_service::mod_jk.c (775): SSL client certificate (5558 bytes): -----BEGIN CERTIFICATE-----
          MIIFsjCCBJqgAwIBAgIERDVUhDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJC
          UjETMBEGA1UEChMKSUNQLUJyYXNpbDE1MDMGA1UECxMsQXV0b3JpZGFkZSBDZXJ0
          ...
          skipping the whole certificate
          ...
          Hcr23ijE9hMUvHrKpIQgHb6xIUa5WUFW1er+ms4ViuDgZSHWuwIi3dhXGlaLWkah
          mGkm/0/nH+fd5KAK4tR234nc6iZ5Dg==
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          MIIFlTCCBH2gAwIBAgISMjAwNjA0MDcxNTM2NDYwMDAxMA0GCSqGSIb3DQEBBQUA
          MFAxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMSwwKgYDVQQDEyNB
          ...
          skipping the whole certificate
          ...
          YaAQAK0TZ14JCLipeAnivAoR+7OsIT9gk6JF+C2fQDkAWd/GX+PPsnSGJvUntoz/
          CKCkL+YS/e1kh3EqUMEXYmTKZm9lwDpzZSPVdpRieCqQNtcjXm5R2L8=
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          MIIEODCCAyCgAwIBAgIBFTANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx
          EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h
          ...
          skipping the whole certificate
          ...
          Kr1tz8mC+Wd8WR8ieeWwcEDt7frV1vXHSeqA8n0QwaNWfYneDWqklcr7Z9Z6bu6B
          yQfHRF6V/bSFpw6nZkYHZs7JO3w+3wmyJvc7Tg==
          -----END CERTIFICATE-----

          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] init_ws_service::mod_jk.c (888): Service protocol=HTTP/1.1 method=GET host=(null) addr=10.8.1.74 name=www.trt9.gov.br port=8443 auth=(null) user=(null) laddr=10.1.2.62 raddr=10.8.1.74 uri=/consignacao/inicial.do;jsessionid=rkx1vvqyIC4B9H24XVEogA**.node1
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] service::jk_lb_worker.c (940): service sticky_session=1 id='rkx1vvqyIC4B9H24XVEogA**.node1'
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] service::jk_lb_worker.c (962): service worker=node1 route=node1
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_get_endpoint::jk_ajp_common.c (2579): acquired connection pool slot=0
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (553): ajp marshaling done
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_service::jk_ajp_common.c (2050): processing node1 with 2 retries
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_send_request::jk_ajp_common.c (1352): (node1) all endpoints are disconnected, detected by connect check (0), cping (0), send (0)
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_open_socket::jk_connect.c (448): socket TCP_NODELAY set to On
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_open_socket::jk_connect.c (548): trying to connect socket 19 to 10.1.2.62:8009
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_open_socket::jk_connect.c (574): socket 19 connected to 10.1.2.62:8009
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connect_to_endpoint::jk_ajp_common.c (878): Connected socket 19 to (10.1.2.62:8009)
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): sending to ajp13 pos=4 len=6047 max=8192
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0000 12 34 17 9B 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4......HTTP/1.1
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0010 00 00 41 2F 63 6F 6E 73 69 67 6E 61 63 61 6F 2F - ..A/consignacao/
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0020 69 6E 69 63 69 61 6C 2E 64 6F 3B 6A 73 65 73 73 - inicial.do;jsess
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0030 69 6F 6E 69 64 3D 72 6B 78 31 76 76 71 79 49 43 - ionid=rkx1vvqyIC
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0040 34 42 39 48 32 34 58 56 45 6F 67 41 2A 2A 2E 6E - 4B9H24XVEogA**.n
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0050 6F 64 65 31 00 00 09 31 30 2E 38 2E 31 2E 37 34 - ode1...10.8.1.74
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0060 00 FF FF 00 0F 77 77 77 2E 74 72 74 39 2E 67 6F - .....www.trt9.go
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0070 76 2E 62 72 00 20 FB 01 00 08 A0 01 00 03 2A 2F - v.br..........*/
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0080 2A 00 00 0F 41 63 63 65 70 74 2D 4C 61 6E 67 75 - *...Accept-Langu
          .
          .
          .
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0190 31 00 07 15 B6 2D 2D 2D 2D 2D 42 45 47 49 4E 20 - 1....-----BEGIN.
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01a0 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D - CERTIFICATE-----
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01b0 0A 4D 49 49 46 73 6A 43 43 42 4A 71 67 41 77 49 - .MIIFsjCCBJqgAwI
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01c0 42 41 67 49 45 52 44 56 55 68 44 41 4E 42 67 6B - BAgIERDVUhDANBgk
          .
          .
          .
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 03e0 42 42 51 41 44 67 59 30 41 4D 49 47 4A 41 6F 47 - BBQADgY0AMIGJAoG
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 03f0 42 41 4E 4B 39 2F 79 2B 42 0A 49 65 4A 51 59 57 - BANK9/y+B.IeJQYW
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_send_request::jk_ajp_common.c (1395): (node1) request body to send 0 - request body to resend 0
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=47 max=8192
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 04 02 57 00 19 46 61 6C 68 61 20 69 6E 65 73 70 - ..W..Falha.inesp
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0010 65 72 61 64 61 20 6E 6F 20 6C 6F 67 69 6E 00 00 - erada.no.login..
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0020 01 A0 01 00 09 74 65 78 74 2F 68 74 6D 6C 00 00 - .....text/html..
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_unmarshal_response::jk_ajp_common.c (608): status = 599
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_unmarshal_response::jk_ajp_common.c (615): Number of headers is = 1
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_unmarshal_response::jk_ajp_common.c (671): Header[0] [Content-Type] = [text/html]
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=1173 max=8192
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 03 04 91 0D 0A 0D 0A 3C 21 44 4F 43 54 59 50 45 - .......<!DOCTYPE
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0010 20 68 74 6D 6C 0D 0A 50 55 42 4C 49 43 20 22 2D - .html..PUBLIC."-
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0020 2F 2F 57 33 43 2F 2F 44 54 44 20 58 48 54 4D 4C - //W3C//DTD.XHTML
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0030 20 31 2E 30 20 54 72 61 6E 73 69 74 69 6F 6E 61 - .1.0.Transitiona
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0040 6C 2F 2F 45 4E 22 0D 0A 22 68 74 74 70 3A 2F 2F - l//EN".."http://
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0050 77 77 77 2E 77 33 2E 6F 72 67 2F 54 52 2F 78 68 - www.w3.org/TR/xh
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0060 74 6D 6C 31 2F 44 54 44 2F 78 68 74 6D 6C 31 2D - tml1/DTD/xhtml1-
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0070 74 72 61 6E 73 69 74 69 6F 6E 61 6C 2E 64 74 64 - transitional.dtd
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0080 22 3E 0D 0A 0D 0A 3C 68 74 6D 6C 3E 0D 0A 09 3C - ">.......<
          .
          .
          .
          .
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ws_write::mod_jk.c (455): written 1169 out of 1169
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=4 max=8192
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=2 max=8192
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0000 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_process_callback::jk_ajp_common.c (1661): AJP13 protocol: Reuse is OK
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_reset_endpoint::jk_ajp_common.c (691): (node1) resetting endpoint with sd = 19
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] ajp_done::jk_ajp_common.c (2522): recycling connection pool slot=0 for worker node1
          [Wed Jan 23 19:35:22 2008]loadbalancer www.trt9.gov.br 0.018127
          [Wed Jan 23 19:35:22 2008][12604:3086853840] [debug] jk_handler::mod_jk.c (2348): Service finished with status=599 for worker=loadbalancer

          Thanks,
          Rafael
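
An added example, not part of the thread and not mod_jk code: it reads the AJP13 length fields out of the hex dump in the log above and compares them with the sizes mod_jk logged. It assumes standard AJP13 framing (0x1234 magic, 2-byte big-endian lengths, attribute code 0x07 for ssl_cert); the function names are illustrative.

```python
import re

# Lines copied from the mod_jk debug log in the post above (timestamp/pid prefix stripped).
LOG = """\
init_ws_service::mod_jk.c (775): SSL client certificate (5558 bytes): -----BEGIN CERTIFICATE-----
ajp_connection_tcp_send_message::jk_ajp_common.c (934): sending to ajp13 pos=4 len=6047 max=8192
ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0000 12 34 17 9B 02 02 00 08 48 54 54 50 2F 31 2E 31 - .4......HTTP/1.1
ajp_connection_tcp_send_message::jk_ajp_common.c (934): 0190 31 00 07 15 B6 2D 2D 2D 2D 2D 42 45 47 49 4E 20 - 1....-----BEGIN.
ajp_connection_tcp_send_message::jk_ajp_common.c (934): 01a0 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D 2D 2D - CERTIFICATE-----
ajp_connection_tcp_send_message::jk_ajp_common.c (934): 03f0 42 41 4E 4B 39 2F 79 2B 42 0A 49 65 4A 51 59 57 - BANK9/y+B.IeJQYW
"""

DUMP_LINE = re.compile(r"\(\d+\): ([0-9a-f]{4}) ((?:[0-9A-F]{2} ){16})- ")
AJP_MAGIC = 0x1234       # web server -> container packet prefix
ATTR_SSL_CERT = 0x07     # AJP13 request attribute code for ssl_cert
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def dumped_bytes(log):
    """Return {packet offset: byte} for every hex-dump line present in the log."""
    mem = {}
    for m in DUMP_LINE.finditer(log):
        base = int(m.group(1), 16)
        for i, value in enumerate(bytes.fromhex(m.group(2))):
            mem[base + i] = value
    return mem

def u16(mem, off):
    """Big-endian 16-bit integer at a dumped offset."""
    return (mem[off] << 8) | mem[off + 1]

def analyse(log):
    mem = dumped_bytes(log)
    if u16(mem, 0) != AJP_MAGIC:
        raise ValueError("dump does not start with the AJP13 magic")
    # The dump has gaps, so locate the attribute by the PEM marker it carries.
    start = next((o for o in sorted(mem)
                  if all(mem.get(o + i) == c for i, c in enumerate(PEM_MARKER))), None)
    if start is None or mem.get(start - 3) != ATTR_SSL_CERT:
        raise ValueError("ssl_cert attribute not found in the dumped bytes")
    return {
        "logged_cert_bytes": int(re.search(r"certificate \((\d+) bytes\)", log).group(1)),
        "logged_packet_len": int(re.search(r"\blen=(\d+)", log).group(1)),
        "payload_len": u16(mem, 2),             # bytes after the 4-byte header
        "cert_attr_len": u16(mem, start - 2),   # length prefix of the ssl_cert string
        "last_dumped_offset": max(mem),
    }

if __name__ == "__main__":
    print(analyse(LOG))
```

On this log the packet header declares 6043 payload bytes (6047 with the 4-byte header) and the ssl_cert attribute declares 5558 bytes, matching both logged sizes, while the last dumped offset is 0x3ff. The length fields therefore describe the full certificate chain even though the hex dump in the log ends after 1024 bytes.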