如何将标题中的SSL_CLIENT_S_DN_CN证书公用名传递给应用程序

时间:2015-08-13 15:07:56

标签: apache ssl centos apache2.2 mod-ssl

我很长一段时间都在尝试将证书通用名称作为标题中的SSL_CLIENT_S_DN_CN传递给应用程序,但没有运气

这是我的ssl.conf

SetEnvIf SSL_CLIENT_I_DN "^(?!\s*$).+" HAVE_HTTP_SSL_CLIENT_I_DN
SetEnvIf SSL_CLIENT_S_DN "^(?!\s*$).+" HAVE_HTTP_SSL_CLIENT_S_DN
SetEnvIf SSL_CLIENT_S_DN_CN "^(?!\s*$).+" HAVE_HTTP_SSL_CLIENT_S_DN_CN
SetEnvIf SSL_SERVER_S_DN_OU "^(?!\s*$).+" HAVE_HTTP_SSL_SERVER_D_DN_OU
SetEnvIf SSL_CLIENT_VERIFY "^(?!\s*$).+" HAVE_HTTP_SSL_CLIENT_VERIFY
SetEnvIf SSL_CLIENT_S_DN_CN "(null)" !HAVE_HTTP_SSL_CLIENT_S_DN_CN

<Location />
     # add all the SSL_* you need in the internal web application
    RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"  env=!HAVE_HTTP_SSL_CLIENT_I_DN
    RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s" env=!HAVE_HTTP_SSL_CLIENT_S_DN
    RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" env=!HAVE_HTTP_SSL_CLIENT_S_DN_CN
    RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s" env=!HAVE_HTTP_SSL_SERVER_S_DN_OU
    RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s" env=!HAVE_HTTP_SSL_CLIENT_VERIFY
</Location>

如果我正在做错事以及如何将证书通用名称提交给应用程序

,请告诉我

0 个答案:

没有答案