My organization is in the process of changing authentication process. Rather than authenticating using data in the "Subject" attribute in the certificate (which I can parse out from cgi.CERT_SUBJECT), they want to authenticate using the "Subject Alternative Name" attribute extension of the certificate. However there is no cgi variable (that I am aware of) that I can get the data from that attribute.
I've been researching this for weeks, but am stuck. Anyone have any ideas?
I apologize if my terminoligy is used incorrectly above...I'm a pretty good programmer, but SSL/Certs is not my strength.
Thank much in advance!
Thank you, haxtbh.
Per the link you provided, I was able to output the "Subject Alternative Name" using #x509.getSubjectAlternativeNames()#.
However the output is only a partial listing of the "Subject Alternative Name" field. It displays the sub-field "URL" value, but not the "Principal Name" value. And the data that I need to authenticate users is in the "Principal Name" sub-field.
Still looking in to this...anyone have an idea?
Maybe I'm looking at this the wrong way. Rather than try to read the certificate as-is, is there a way to configure IIS so that the "Subject Alternative Name" field is fully displayed in a CGI variable?
For me i did x509.getSubjectAlternativeNames().toArray() to give me an array of values.
In the array, i saw some values were in binary. If converted those binary values to utf-8, I was able to see one of the strings that I wanted but also with some junk prefixed. I assume the junk portion is just how the value gets encoded, i'm not an expert. I'm thinking i'll just do a rematch to extract the string I want for now until i can decode it better. In my case the string is very specific so i don't think i'll run into problems but i'd need to test this further when I have the time.
I am trying to do the same thing, but with Apache. We have modded the mod_jk file to set CGI variables for many things, but I am searching for how to get the Subject Alternative Name / Principal Name and I'm not finding what the jkEnvVar variable name is to add. Anyone?
^ _ ^