In addition to the standard CGI variables, you can use the Sun Java System Web Server CGI variables in CGI programs to access information about the client certificate if the server is running in secure mode. The CLIENT_CERT and REVOCATION variables are available only when client certificate-based authentication is enabled.
The following table lists the Sun Java System Web Server CGI variables. The left column lists the variable, and the right column provides a description.
Table 3–1 CGI Variables
Variable |
Description |
---|---|
SERVER_URL |
URL of the server that the client requested |
HTTP_xxx |
An incoming HTTP request header, where xxx is the name of the header |
HTTPS |
ON if the server is in secure mode, otherwise OFF |
HTTPS_KEYSIZE |
Keysize of the SSL handshake (available if the server is in secure mode) |
HTTPS_SECRETKEYSIZE |
Keysize of the secret part of the SSL handshake (available if the server is in secure mode) |
HTTPS_SESSIONID |
Session ID for the connection (available if the server is in secure mode) |
Certificate the client provided (binary DER format) |
|
CLIENT_CERT_SUBJECT_DN |
Distinguished name of the subject of the client certificate |
CLIENT_CERT_SUBJECT_OU |
Organization Unit of the subject of the client certificate |
CLIENT_CERT_SUBJECT_O |
Organization of the subject of the client certificate |
CLIENT_CERT_SUBJECT_C |
Country of the subject of the client certificate |
CLIENT_CERT_SUBJECT_L |
Location of the subject of the client certificate |
CLIENT_CERT_SUBJECT_ST |
State of the subject of the client certificate |
CLIENT_CERT_SUBJECT_E |
E-mail of the subject of the client certificate |
CLIENT_CERT_SUBJECT_UID |
UID part of the CN of the subject of the client certificate |
CLIENT_CERT_ISSUER_DN |
Distinguished Name of the issuer of the client certificate |
CLIENT_CERT_ISSUER_OU |
Organization Unit of the issuer of the client certificate |
CLIENT_CERT_ISSUER_O |
Organization of the issuer of the client certificate |
CLIENT_CERT_ISSUER_C |
Country of the issuer of the client certificate |
CLIENT_CERT_ISSUER_L |
Location of the issuer of the client certificate |
CLIENT_CERT_ISSUER_ST |
State of the issuer of the client certificate |
CLIENT_CERT_ISSUER_E |
E-mail of the issuer of the client certificate |
CLIENT_CERT_ISSUER_UID |
UID part of the CN of the issuer of the client certificate |
CLIENT_CERT_VALIDITY_START |
Start date of the client certificate |
CLIENT_CERT_VALIDITY_EXIRES |
Expiration date of the client certificate |
CLIENT_CERT_EXTENSION_xxx |
Certificate extension, where xxx is the name of the extension |
REVOCATION_METHOD |
Name of the certificate revocation method if exists |
REVOCATION_STATUS |
Status of certificate revocation if it exists |