Java receiving certificate %{SSL_CLIENT_S_DN} from Apache headers


I'm using Apache as a reverse proxy server. I've configured Apache 2.2 to require client-certificate-based authentication, and I'm sending information from the certificate from Apache like this:

SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1

SSLOptions +StdEnvVars +StrictRequire +ExportCertData

RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

I would like to receive those successfully on the Java side.

I can see from the Apache log file that those headers are working fine, but I'm still wondering how to receive those headers on the backend side. I'm using the Java SE request.getHeaderNames() method and I can see headers from the current page, but not the desired ones. I'm using AJP to receive headers from Apache.

The SSL handshake is made so many times, and I can see many different headers in the log even when "referred" by the same page. Is it possible to save those specific headers somehow to a session/sticky session so that they would be readable from then on when desired?


There are 2 best solutions below

0
On

You have to replace:

RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

with:

RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set X-Client-Verify "%{SSL_CLIENT_VERIFY}s"
0
On

The right answer was to set:

Header echo ^X-Client

to get the desired headers to the application (this copies everything starting with "X-Client" from the request headers to the response headers).
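
For the backend side of the question (reading the forwarded headers and keeping the DN in the session), here is an added example that is not part of either answer above. It assumes the javax.servlet API, the header names from the question's RequestHeader lines, and a hypothetical session attribute name `clientCertDn`; `SUCCESS` is the value mod_ssl gives SSL_CLIENT_VERIFY for a verified certificate.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Reads the certificate headers set by Apache and caches the DN in the session. */
public class ClientCertHeaderFilter implements Filter {
    // Header names taken from the question's RequestHeader directives.
    static final String DN_HEADER = "X-Client-DN";
    static final String VERIFY_HEADER = "X-Client-Verify";
    // Hypothetical session attribute name chosen for this example.
    static final String SESSION_ATTR = "clientCertDn";

    /** Returns the DN only if mod_ssl reported a verified certificate, else null. */
    static String verifiedDn(String dn, String verify) {
        // mod_headers writes the literal "(null)" when the variable is not set.
        if (dn == null || dn.trim().isEmpty() || "(null)".equals(dn.trim())) return null;
        return "SUCCESS".equals(verify) ? dn.trim() : null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String dn = verifiedDn(request.getHeader(DN_HEADER), request.getHeader(VERIFY_HEADER));
        HttpSession session = request.getSession(false);
        if (dn != null) {
            if (session == null) session = request.getSession(true);
            Object cached = session.getAttribute(SESSION_ATTR);
            if (cached != null && !cached.equals(dn)) {
                // A different certificate on an existing session: start a fresh one.
                session.invalidate();
                session = request.getSession(true);
            }
            session.setAttribute(SESSION_ATTR, dn);
        } else if (session == null || session.getAttribute(SESSION_ATTR) == null) {
            // No verified DN on this request and none cached earlier: reject.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

Because the filter trusts whatever arrives in these headers, the application should accept connections only from the Apache proxy; `RequestHeader set` replaces any value a client sent under the same header name.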