Assuming your perl script is a CGI script, sense you want to "export it from the browser".
Apache/mod_ssl provides a convenient method of extracting X.509 certificate data.
The ExportCertData option exports two additional environment variables: SSL_CLIENT_CERT and SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server (always existing) and the client (only existing when client authentication is used). This can be used to import the certificates into CGI scripts.
Add +ExportCertData to SSLOptions and the PEM encoded client certificate and issuer certificate(s) will be added to %ENV. The issuing CA certs are named SSL_CLIENT_CERT_CHAIN_x
<FilesMatch "\.(do|cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
Here is an example CGI that displays the PEM encoded cert info:
#!/usr/bin/perl
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
$|=1;
print header;
print start_html("X.509 Certificate Info");
if ( defined( $ENV{SSL_CLIENT_S_DN} ) ){
print $ENV{SSL_CLIENT_CERT}, "<br />";
} else {
print "ERROR: Client certificate not presented to webserver for auth
+entication";
}
print end_html;
|