Jim Flood

Reputation: 8467

How to access client X.509 certificate from Ruby web service (not Rails)?

How can I access the client X.509 certificate from a Ruby web service? The client is passing a client certificate, and it's fine that the browser is authenticating that for me, but I also want to look at the certificate in my Ruby code.

This is not Rails. I'm looking for an answer using Sinatra, for example. And, from a web server such as nginx or lighttpd.

Upvotes: 1

Views: 886

Answers (1)

Jim Flood

Reputation: 8467

Using an Apache web server listening on port 443 with SSL configured, as a reverse proxy to a Thin server running a Sinatra app, for example, I can add these to my Apache VirtualHost configuration:

RequestHeader set SSL-Client-M-Serial %{SSL_CLIENT_M_SERIAL}s
RequestHeader set SSL-Client-S-DN %{SSL_CLIENT_S_DN}s 
RequestHeader set SSL-Client-I-DN %{SSL_CLIENT_I_DN}s 

Then from my Sinatra code, I can find these values in the Rack environment, for example:

puts "#{request.env['HTTP_SSL_CLIENT_S_DN']}"

I don't have the full client certificate, which is OK since I'm having Apache verify the certificate.

Upvotes: 1
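The header approach in the answer above only holds if the application accepts these headers from the proxy alone. The following is an added example, not part of the original answer: a Rack middleware that enforces that and authorizes by issuer DN plus serial. The loopback proxy addresses, the allowlist format and the `client_cert.identity` env key are assumptions made for the example.

```ruby
# Added example, not from the original answer: Rack middleware for the app
# behind the Apache reverse proxy.
class ClientCertHeaders
  # Rack env keys produced by the three RequestHeader lines.
  KEYS = {
    serial:  'HTTP_SSL_CLIENT_M_SERIAL',
    subject: 'HTTP_SSL_CLIENT_S_DN',
    issuer:  'HTTP_SSL_CLIENT_I_DN'
  }.freeze

  # Assumption: Apache proxies to Thin over loopback on the same host.
  TRUSTED_PROXIES = %w[127.0.0.1 ::1].freeze

  # allowed: array of [issuer DN, serial in upper-case hex] pairs.
  def initialize(app, allowed)
    @app = app
    @allowed = allowed
  end

  def call(env)
    # Anyone who can reach Thin directly can send these headers themselves.
    return deny('not from trusted proxy') unless TRUSTED_PROXIES.include?(env['REMOTE_ADDR'])

    cert = KEYS.transform_values { |key| env[key].to_s.strip }
    # mod_headers writes "(null)" when the SSL variable is unset.
    if cert.values.any? { |v| v.empty? || v == '(null)' }
      return deny('no client certificate')
    end

    cert[:serial] = cert[:serial].upcase
    unless @allowed.include?([cert[:issuer], cert[:serial]])
      return deny('certificate not authorized')
    end

    env['client_cert.identity'] = cert   # hypothetical key for the app
    @app.call(env)
  end

  private

  def deny(reason)
    [403, { 'content-type' => 'text/plain' }, ["Forbidden: #{reason}\n"]]
  end
end

# In Sinatra: use ClientCertHeaders, [['<issuer DN>', '<SERIAL>']]
```

Binding Thin to 127.0.0.1 keeps the `REMOTE_ADDR` check meaningful, since only the local Apache can then connect.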
