in reply to Re^4: Help extracting public key from X509 .cer file
in thread Help extracting public key from X509 .cer file
Assuming your perl script is a CGI script, sense you want to "export it from the browser".
Apache/mod_ssl provides a convenient method of extracting X.509 certificate data.
The ExportCertData option exports two additional environment variables: SSL_CLIENT_CERT and SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server (always existing) and the client (only existing when client authentication is used). This can be used to import the certificates into CGI scripts.
Add +ExportCertData to SSLOptions and the PEM encoded client certificate and issuer certificate(s) will be added to %ENV. The issuing CA certs are named SSL_CLIENT_CERT_CHAIN_xHere is an example CGI that displays the PEM encoded cert info:<FilesMatch "\.(do|cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars +ExportCertData </FilesMatch>
#!/usr/bin/perl use CGI qw(:standard); use CGI::Carp qw(warningsToBrowser fatalsToBrowser); $|=1; print header; print start_html("X.509 Certificate Info"); if ( defined( $ENV{SSL_CLIENT_S_DN} ) ){ print $ENV{SSL_CLIENT_CERT}, "<br />"; } else { print "ERROR: Client certificate not presented to webserver for auth +entication"; } print end_html;
|
|---|