Igor, The backend (Weblogic) won't accept/parse it. I am sure, because in one test I did, I had a RequestHeader with a canned PEM string, without them, and that worked. Jim ---- Igor Cicimov <icicimov@xxxxxxxxx> wrote: > Those lines are part of the PEM certificate without them the cert is not > valid. What is the problem on the backend side with this? > > > On Thu, Apr 5, 2012 at 8:27 AM, <ohaya@xxxxxxx> wrote: > > > Hi, > > > > I am using Apache (2.2.x) as a proxy. The Apache is enabled for > > 2-way/client-authenticated SSL. > > > > In one situation (in a specific <Location> section), I need to be able to > > pass the PEM of the client certificate to the proxied server, with a > > specific HTTP header name. > > > > I've actually been able to pass the raw PEM as an HTTP header using just > > the RequestHeader directive: > > > > RequestHeader set "my_ssl_client_cert" "%{SSL_CLIENT_CERT}e" > > > > But, that raw PEM has the "-----BEGIN CERTIFICATE-----" and "-----END > > CERTIFICATE-----" strings before and after the actual certificate PEM. > > > > I've been trying to figure out how to get just the certificate PEM into > > the HTTP header for awhile, mostly using SetEnvIfNoCase, but when I try > > that, I always end up with an empty string or null in the header. > > > > Given that I seem to be able to get the PEM from the SSL_CLIENT_CERT > > envvar, it seems like there SHOULD be a way to get that into a request > > header, but I haven't been able to do that yet, and am truly stumped, so I > > was hoping that someone here might know how to do that? > > > > Thanks in advance, > > Jim > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx