Background: we are running some perl pages on windows 2008 and 2012 servers. The web services are managed by IIS. Client browsers are able to connect to the perl pages without any issues and securely. The SSL settings in IIS handle the network traffic and passes a few of the smart card certificates to the perl page as environment variables by default (cert_issuer, cert_serialnumber, cert_subject)

Our site has now been asked to retrieve data from the smart cards that are used to connect to the site. The new data comes off the smart card field Subject Name Alternative. I have been unable so far to find a way to get this value off of the smart card.

The code sample below is the construct we are trying to use to get the data populated in. This is only a prototype code and very small proof-of-concept to see if the value can be obtained. Obviously this does not work in its current form at all. We cannot create a socket as IIS is handling the connections.

use Net::SSLeay;
use Data::Dumper;

print <<EOH;
Content-type: text/html;

<html>
<title>Certs</title>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">

</head>
<body>
EOH

$ssl = Net::SSLeay::SESSION_new();
$certs = Net::SSLeay::dump_peer_certificate($ssl);

print "Certs Dump: ";
print Dumper($certs);
print "<br>\n";

print "</body>\n</html>\n";

[download]

Do I need to set up something in IIS to tell it to create a new environment variable and pass the Subject Name Alternative values into it? Is there another Perl module I should be looking at? Is there another way to get other fields off of the certificate that IIS is not exposing in the environment fields?

Addendum: The solution would hopefully be what can be done in Cold Fusion in the following lines, but converted to Perl. From this point I should hopefully be able to parse out the new fields on the certificate.


<cfset x509 = GetPageContext().getRequest().getAttribute("javax.servle
+t.request.X509Certificate") />
<cfset x509Encoded = #ToBase64(x509[1].getEncoded())#>

[download]

In reply to Retrieve subject alternative name from smart card accessing a perl web page running under IIS by ffrost

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.