How to get client certificate?


Albert Latacz

Sep 14, 2017, 4:24:53 AM
to utterlyidle
We are using SSL and validating client identity based on certificate info. We noticed that, as the request is all data, certs are lost. We have worked our way around it by having a new Server class (based on com.googlecode.utterlyidle.jetty.eclipse.RestServer) that passes on the required info from the cert as request headers. Arguably at some point in the future we will be behind a proxy, so this feels quite right.

This is specific to the system, so I'm not so much bothered here, but just curious: is there a better way of doing this? Did anyone else need more info from the original (wrapped server) request?

I will shut up now.

Daniel Worthington-Bodart

Sep 14, 2017, 5:19:23 AM
to utterlyidle
No, you are absolutely heading in the right direction, as pretty much all CDNs/proxies will do exactly that (stick it in a header).

There seems to be no actual de facto standard for client certs:

Lyft uses x-forwarded-client-cert (Passes the DN not the cert!)
Puppet uses X-Client-DN and X-Client-Cert (with the latter passing the whole cert which makes sense to me) 

Personally I like the X-Forwarded prefix, even though they are trying to replace it with the Forwarded header, but this doesn't handle certificates either!

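
The header-forwarding approach discussed in this thread, as an added example that is not part of the original posts and not utterlyidle code: it copies the client certificate's DN and encoding into the X-Client-DN and X-Client-Cert headers named above, after dropping any copies the client sent itself. The class and method names are hypothetical, Base64-encoded DER is this example's choice of encoding, and the certificate chain is assumed to come from the standard servlet request attribute `javax.servlet.request.X509Certificate`.

```java
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: hypothetical helper, not part of utterlyidle or Jetty.
public final class ClientCertHeaders {
    // Header names taken from the thread (the Puppet convention).
    static final String DN_HEADER = "X-Client-DN";
    static final String CERT_HEADER = "X-Client-Cert";

    private ClientCertHeaders() {}

    // Header names are case-insensitive, so compare without regard to case.
    private static boolean reserved(String name) {
        return DN_HEADER.equalsIgnoreCase(name) || CERT_HEADER.equalsIgnoreCase(name);
    }

    /**
     * @param inbound headers exactly as received from the client
     * @param chain   value of the servlet request attribute
     *                "javax.servlet.request.X509Certificate", or null when the
     *                client presented no certificate
     * @return headers to hand to the application
     */
    public static Map<String, String> apply(Map<String, String> inbound, X509Certificate[] chain)
            throws CertificateEncodingException {
        Map<String, String> out = new LinkedHashMap<>();
        // Drop client-supplied copies first: only the TLS-terminating layer
        // may assert identity through these headers.
        inbound.forEach((name, value) -> {
            if (!reserved(name)) {
                out.put(name, value);
            }
        });
        if (chain != null && chain.length > 0) {
            X509Certificate leaf = chain[0]; // first entry is the client's own certificate
            out.put(DN_HEADER, leaf.getSubjectX500Principal().getName());
            // Base64 of the DER encoding keeps the value on a single header line.
            out.put(CERT_HEADER, Base64.getEncoder().encodeToString(leaf.getEncoded()));
        }
        return out;
    }
}
```

The same stripping step applies once a proxy terminates TLS: the application should accept these headers only from that proxy.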

Albert Latacz

Sep 14, 2017, 3:18:45 PM
to utter...@googlegroups.com
Thanks 

Touched, not typed.