• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 532
  • Last Modified:

Apache and oc4j, client certificates

We are using oracle 9ias and its built in apache HTTP/S server.

We have enabled SSL, and we are using client certificates as part of client authentication.

Everything was working fine, Apache had established the two way authentication, and servlets are displayed over an SSL channel.

We need certain fields of the client certificate, but at this point we discovered Apache do not send its SSL related variables to the servlets (running on an OC4J instance)

Does anyone know how pass the SSL related variables of Apache to the servlet on OC4J instance?


I've already posted this question to appservers/oracleias topic. I couldn't be sure whether the concept is more apache related. Sorry for the dublication

Of course the points are dublicated too :)
0
kartaltabak
Asked:
kartaltabak
1 Solution
 
ferdaozdemirCommented:
I've already posted the answer to appservers/oracleias. Hoping it is the right answer, I reanswer to this question for convenience. (and points :))

I assume you already setup the ssl with two way authentication.

You should write the following to make the apache to pass the certificate related data.

SSLOptions +ExportCertData


But, besides, you should write to make oc4j read the SSL variables.

Oc4jExtractSSL On

As far as I know, only one of them will not be enough.

Hope this helps.

-- ferda
0
 
kartaltabakAuthor Commented:
Thank you, this worked...

Could you please tell me where this information is documented?

It seems easy but I had not been able to find the Oc4j related directives...



0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now