Inspiring
September 19, 2019
Question

SSL, Certs & Subject Alternative Name


Hi all,

 

My organization is in the process of changing authentication process.  Rather than authenticating using data in the "Subject" attribute in the certificate (which I can parse out from cgi.CERT_SUBJECT), they want to authenticate using the "Subject Alternative Name" attribute extension of the certificate.  However there is no cgi variable (that I am aware of) that I can get the data from that attribute.

 

I've been researching this for weeks, but am stuck.  Anyone have any ideas?

 

I apologize if my terminology is used incorrectly above...I'm a pretty good programmer, but SSL/Certs is not my strength.

 

Thanks much in advance!


2 replies

WolfShade
Legend
February 6, 2020

I am trying to do the same thing, but with Apache.  We have modded the mod_jk file to set CGI variables for many things, but I am searching for how to get the Subject Alternative Name / Principal Name and I'm not finding what the jkEnvVar variable name is to add.  Anyone?

 

V/r,

 

^ _ ^

Inspiring
September 19, 2019
Inspiring
October 21, 2019

Thank you, haxtbh.

 

Per the link you provided, I was able to output the "Subject Alternative Name" using #x509[1].getSubjectAlternativeNames()#.  

 

However the output is only a partial listing of the "Subject Alternative Name" field.  It displays the sub-field "URL" value, but not the "Principal Name" value.  And the data that I need to authenticate users is in the "Principal Name" sub-field.

 

Help?

Inspiring
November 19, 2019

Still looking into this...anyone have an idea?

 

Maybe I'm looking at this the wrong way.  Rather than try to read the certificate as-is, is there a way to configure IIS so that the "Subject Alternative Name" field is fully displayed in a CGI variable?

 

Help?
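
Added example, not part of any post in this thread: Java's `getSubjectAlternativeNames()` returns each entry as a `[type, value]` pair, and `otherName` entries (type 0), which is where the Windows "Principal Name" (UPN, OID 1.3.6.1.4.1.311.20.2.3) is stored, are returned as DER-encoded byte arrays rather than strings. The sketch below decodes that byte array; the class and method names are hypothetical, the sample bytes are constructed, and it assumes the outer tag is either SEQUENCE (0x30) or [0] (0xA0).

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.*;

public class UpnFromSan {   // hypothetical helper class
    // Content bytes of OID 1.3.6.1.4.1.311.20.2.3 (Microsoft User Principal Name)
    static final byte[] UPN_OID = {0x2B, 6, 1, 4, 1, (byte) 0x82, 0x37, 0x14, 2, 3};
    static final class Tlv { int tag, end; byte[] val; }

    static Tlv read(byte[] b, int off) {        // minimal DER tag-length-value reader
        Tlv t = new Tlv();
        t.tag = b[off++] & 0xFF;
        int len = b[off++] & 0xFF;
        if (len > 0x7F) {                       // long-form length
            int n = len & 0x7F;
            if (n == 0 || n > 2) throw new IllegalArgumentException("bad DER length");
            for (len = 0; n > 0; n--) len = (len << 8) | (b[off++] & 0xFF);
        }
        if (len > b.length - off) throw new IllegalArgumentException("truncated DER");
        t.val = Arrays.copyOfRange(b, off, off + len);
        t.end = off + len;                      // offset of the next TLV in b
        return t;
    }
    static String upnFromOtherName(byte[] der) { // null if this otherName is not a UPN
        Tlv outer = read(der, 0);               // assumption: SEQUENCE (0x30) or [0] (0xA0)
        if (outer.tag != 0x30 && outer.tag != 0xA0) return null;
        Tlv oid = read(outer.val, 0);
        if (oid.tag != 0x06 || !Arrays.equals(oid.val, UPN_OID)) return null;
        Tlv v = read(outer.val, oid.end);
        while (v.tag == 0xA0) v = read(v.val, 0);   // unwrap [0] EXPLICIT
        return v.tag == 0x0C ? new String(v.val, StandardCharsets.UTF_8) : null;
    }
    static String findUpn(X509Certificate cert) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return null;
        for (List<?> san : sans)                // each entry is [Integer type, value]
            if ((Integer) san.get(0) == 0 && san.get(1) instanceof byte[]) {
                String upn = upnFromOtherName((byte[]) san.get(1));
                if (upn != null) return upn;
            }
        return null;
    }
    public static void main(String[] a) {       // constructed sample, not from a real certificate
        byte[] n = "user@example.test".getBytes(StandardCharsets.UTF_8);
        byte[] h = {0x30, 0x21, 6, 10, 0x2B, 6, 1, 4, 1, (byte) 0x82, 0x37, 0x14, 2, 3,
                    (byte) 0xA0, 0x13, 0x0C, 0x11};
        byte[] der = Arrays.copyOf(h, h.length + n.length);
        System.arraycopy(n, 0, der, h.length, n.length);
        System.out.println(upnFromOtherName(der));
    }
}
```

In the thread's terms, `findUpn` would be given the same certificate object the October 21 post refers to as `x509[1]`, assuming it is a `java.security.cert.X509Certificate`.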