[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: [users@httpd] Remove carriage returns from certificate
From: Matias Visbeek <matias.visbeek () vatrox ! com>
Date: 2015-07-30 14:39:24
Message-ID: CAP2vGN2=c1i6ok+qLcbByr4J6_x3AoWVO_nX45KrZJ+i36m6AQ () mail ! gmail ! com
[Download RAW message or body]
Hi,
I'm using the following architecture
Client > Apache HTTP Server > OHS > WLS
Where OHS stands for Oracle Http Server and WLS stands for Oracle Weblogic
Application Server.
Using HTTPS, I've stablished a 2 way SSL configuration for all the segments
in the connection.
WLS uses an specific header called WL-Proxy-Client-Cert which contains the
client certificate encoded in Base64 and then maps one of the DN attributes
to a user for authentication. This is solved in OHS by the use of Weblogic
Plugin wich adds this specific header to the request when setting
SSLOptions +ExportCertData.
This works fine when using the following Client > OHS > WLS. The original
client certificate is passed to Weblogic. But when we add the Apache HTTP
Server, this information needs to be passed manually using RequestHeader
add WL-Proxy-Client-Cert "%{SSL_CLIENT_CERT}s". The thing is that this adds
the Base64 Certificate adding -----BEGIN CERTIFICATE----- -----END
CERTIFICATE----- and various carriage returns (I assume this is due to
OpenSSL) but Weblogic doesn't recognize and requires the Base64 encoding in
just one line without any additional caracters at the begining and the end.
Is there a way to achieve this one line Base 64 certificate? Do I need to
change any configuration? I tried to look for a way of striping those
caracters inside the httpd.conf file but found nothing. Any workaround
suggestion?
Thanks in advance.
Mat=C3=ADas Visbeek
[Attachment #3 (text/html)]
<div dir="ltr"><div>Hi,</div><div><br></div><div>I'm using the following \
architecture</div><div><br></div><div>Client > Apache HTTP Server > OHS > \
WLS</div><div><br></div><div>Where OHS stands for Oracle Http Server and WLS stands \
for Oracle Weblogic Application Server.</div><div><br></div><div>Using HTTPS, \
I've stablished a 2 way SSL configuration for all the segments in the connection. \
</div><div>WLS uses an specific header called WL-Proxy-Client-Cert which contains the \
client certificate encoded in Base64 and then maps one of the DN attributes to a user \
for authentication. This is solved in OHS by the use of Weblogic Plugin wich adds \
this specific header to the request when setting SSLOptions \
+ExportCertData.</div><div><br></div><div>This works fine when using the following \
Client > OHS > WLS. The original client certificate is passed to Weblogic. But \
when we add the Apache HTTP Server, this information needs to be passed manually \
using RequestHeader add WL-Proxy-Client-Cert "%{SSL_CLIENT_CERT}s". The \
thing is that this adds the Base64 Certificate adding -----BEGIN CERTIFICATE----- \
-----END CERTIFICATE----- and various carriage returns (I assume this is due to \
OpenSSL) but Weblogic doesn't recognize and requires the Base64 encoding in just \
one line without any additional caracters at the begining and the \
end.</div><div><br></div><div>Is there a way to achieve this one line Base 64 \
certificate? Do I need to change any configuration? I tried to look for a way of \
striping those caracters inside the httpd.conf file but found nothing. Any workaround \
suggestion?</div><div><br></div><div>Thanks in \
advance.</div><div><br></div><div>MatÃas Visbeek</div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic