--- Milan Tomic <tomicmilan@xxxxxxxxx> wrote: > > Users log into apache through SSL and I'm forwarding user cert from apache to (another) app > server. The problem is that user cert, which is sent as HTTP header param (base64 encoded), > spans > several lines: > > GET /LoginTest/servletheaderview HTTP/1.1 > Host: duke:4444 > Accept: */* > Accept-Language: sl > Accept-Encoding: gzip, deflate > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR > 1.1.4322) > SSL_CLIENT_CERT: -----BEGIN CERTIFICATE----- > MIIFpDCCBIygAwIBAgIEPAtSvjANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz > aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt > *** not all lines were shown *** > KCY7/laFwZBHMdT/lpjMwt1szHXIFIS4/PcTTpjd4j6Nd2RcWX9uKwsRYUQ7kgfx > A+cpsvYdoDI= > -----END CERTIFICATE----- > > Max-Forwards: 10 > Via: 1.1 www.example.com > X-Forwarded-For: 10.9.72.251 > > Well, the actual problem is to parse SSL_CLIENT_CERT variable on iAS, Tomcat or some other > server. > Is this standard HTTP 1.1 notation for headers params with multiple lines? Is Apache forwarding > right? Above shown HTTP request is sent from Apache to iAS server. > > This is what I set in my ssl.conf to tell Apache to forward cert: > > RequestHeader set SSL_CLIENT_CERT %{SSL_CLIENT_CERT}e > ProxyPass / http://duke:4444/LoginTest/servletheaderview > ProxyPassReverse / http://duke:4444/LoginTest/servletheaderview > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx