I have created an Apache 2.2 reverse proxy running on Red Hat.
This proxy will need to accept a client certificate, pull the needed information, and pass that along to an application running locally within the header.
```apache
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName SearchHead
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLCACertificateFile /etc/pki/ca-chain.cert.pem
    ProxyPass / http://127.0.0.1:8000/ retry=0
    ProxyPassReverse / http://127.0.0.1:8000/
    RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN_CN}s"
    RequestHeader edit SSL_CLIENT_S_DN CN=([^,]+) $1
    <Proxy *>
        AddDefaultCharset off
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>
```
According to the documentation (https://httpd.apache.org/docs/2.2/mod/mod_ssl.html), I see nothing that will allow me to pull this. Unfortunately, we cannot support a PHP-based solution, nor anything not supported from the Red Hat Enterprise Linux 6 repos.
The DoD middleware requirements (http://www.cac.mil/docs/DoD-CAC-Middleware-Requirements-Release-4.0_v1.01_16Nov2012.pdf) state Smart Card Logon (1.3.6.1.4.1.311.20.2.2), which lies in the Subject Alt Name of the certificate.
Any thoughts?
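Added example, not part of the original post: how the Smart Card Logon UPN is laid out inside the Subject Alt Name (an `otherName` holding the OID above and an explicitly tagged UTF8String), with a small DER walker that pulls it out. It assumes the application behind the proxy already has the certificate's DER bytes; the function names and the sample values are constructed for illustration.

```python
# Content bytes of OID 1.3.6.1.4.1.311.20.2.2 (Smart Card Logon UPN).
UPN_OID_DER = bytes.fromhex("2b060104018237140202")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos.
    Single-byte tags only, which covers everything in an X.509 certificate."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def find_upn(der):
    """Depth-first search for otherName {UPN OID, [0] UTF8String}; None if absent."""
    pos = 0
    while pos < len(der):
        tag, body, pos = read_tlv(der, pos)
        try:
            if tag == 0xA0:  # [0] constructed: otherName inside GeneralNames
                t_oid, oid, nxt = read_tlv(body, 0)
                if t_oid == 0x06 and oid == UPN_OID_DER:
                    t_wrap, wrapped, _ = read_tlv(body, nxt)  # [0] EXPLICIT
                    t_str, text, _ = read_tlv(wrapped, 0)     # UTF8String
                    if t_wrap == 0xA0 and t_str == 0x0C:
                        return text.decode("utf-8")
            # Descend into constructed types and OCTET STRING (extension wrapper).
            if tag & 0x20 or tag == 0x04:
                hit = find_upn(body)
                if hit is not None:
                    return hit
        except (ValueError, IndexError):
            pass  # not DER (e.g. a raw key identifier); keep scanning siblings
    return None

def tlv(tag, body):
    """Build a short-form DER element; used only for the constructed sample."""
    return bytes([tag, len(body)]) + body

# Constructed sample: subjectAltName value with an rfc822Name and a UPN otherName.
UPN_OTHERNAME = tlv(0xA0, tlv(0x06, UPN_OID_DER)
                    + tlv(0xA0, tlv(0x0C, b"1234567890@mil")))
SAMPLE_SAN = tlv(0x04, tlv(0x30, tlv(0x81, b"user@example.mil") + UPN_OTHERNAME))
```

`find_upn(SAMPLE_SAN)` returns the constructed UPN; because the walker also descends through extension wrappers, the same call works on a whole DER certificate.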