How to get SSL_CLIENT_SAN_* env variables * in mod_ssl on apache 2.4 using PKI

Question

I'm new to apache PKI certs and php. I'm trying to find the SSL_CLIENT_SAN_(email) environment variable in the $_SERVER array (php). I can see the other mod_ssl environment variables, but not the SSL_CLIENT_SAN_*.

I'm using wamp, if that has any impact

Is there a config I need to set ?

I already have set:

SSLOptions +StdEnvVars 
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Apache24ah64/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

I have the following in $_SERVER:

[SSL_TLS_SNI] => SOMESERVERURL 
[SSL_SERVER_S_DN_CN] => SOMESERVERURL
[SSL_SERVER_I_DN_O] => Root CA 
[SSL_SERVER_I_DN_OU] => http://www.cacert.org 
[SSL_SERVER_I_DN_CN] => CA Cert Signing Authority 
[SSL_SERVER_I_DN_Email] => support@cacert.org
[SSL_CLIENT_S_DN_C] => US [
[SSL_CLIENT_S_DN_O] => SOMEOGANIZATION
[SSL_CLIENT_S_DN_OU] => ECA 
[SSL_CLIENT_S_DN_OU_1] => SOMECOMPANY
[SSL_CLIENT_S_DN_OU_2] => SOMECOMPANY 
[SSL_CLIENT_S_DN_CN] =>LastName.FirstName.ABCDEFG1234567.ID 
[SSL_CLIENT_I_DN_C] => US
[SSL_CLIENT_I_DN_O] => SOMEOGANIZATION 
[SSL_CLIENT_I_DN_OU] => ECA
[SSL_CLIENT_I_DN_OU_1] => Certification Authorities
[SSL_CLIENT_I_DN_CN] => SOMEOGANIZATION 
[SSL_VERSION_INTERFACE] => mod_ssl/2.4.9 
[SSL_VERSION_LIBRARY] => OpenSSL/1.0.1g 
[SSL_PROTOCOL**]=> TLSv1.2 
[SSL_SECURE_RENEG] => true 
[SSL_COMPRESS_METHOD] => NULL 
[SSL_CIPHER] => ECDHE-RSA-AES128-GCM-SHA256 
[SSL_CIPHER_EXPORT] =>false
[SSL_CIPHER_USEKEYSIZE] => 128 
[SSL_CIPHER_ALGKEYSIZE] => 128
[SSL_CLIENT_VERIFY] => SUCCESS 
[SSL_CLIENT_M_VERSION] => 3
[SSL_CLIENT_M_SERIAL] => 1EDF 
[SSL_CLIENT_V_START] => Aug 18 18:42:46 2015 GMT 
[SSL_CLIENT_V_END] => Aug 17 18:42:46 2016 GMT
[SSL_CLIENT_V_REMAIN] => 272 
[SSL_CLIENT_S_DN] => CN=LastName.FirstName.ABCDEFG1234567.ID,OU=R2AD,OU=ORC,OU=ECA,O=SOMEOGANIZATION,C=US
[SSL_CLIENT_I_DN] => CN=SOMEOGANIZATION,OU=Certification  Authorities,OU=SOMEOGANIZATION,O=SOMEOGANIZATION,C=US
[SSL_CLIENT_A_KEY] => rsaEncryption 
[SSL_CLIENT_A_SIG] => sha1WithRSAEncryption 
[SSL_SERVER_M_VERSION] => 3
[SSL_SERVER_M_SERIAL] => 116DAF 
[SSL_SERVER_V_START] => Nov 19 11:38:28 2015 GMT 
[SSL_SERVER_V_END] => May 17 11:38:28 2016 GMT
[SSL_SERVER_S_DN] => CN=SOMESERVER 
[SSL_SERVER_I_DN] => emailAddress=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA 
[SSL_SERVER_A_KEY] =>rsaEncryption 
[SSL_SERVER_A_SIG] => sha256WithRSAEncryption
[SSL_SESSION_RESUMED] => Initial

Help is appreciated

score 0 · Answer 1 · answered Nov 20 '15 at 09:16

0

SSL_CLIENT_SAN_* environment variables are present in in apache 2.4.10 and above.

answered Nov 20 '15 at 09:16

garyM

802
2
12
29

How to get SSL_CLIENT_SAN_* env variables * in mod_ssl on apache 2.4 using PKI

1 Answers1