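Documentation: /usr/share/doc/apache2.2-common/README-Debian (contains most of the configuration information needed)
Use an OpenSSL CA.
Two helper files are needed: Makefile and openssl.conf (I forgot which website I downloaded them from...)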
mkdir newCA
cd newCA
make init   # generates the root certificate ca-cert.pem, which is used to issue the user certificates and the Apache certificate
Edit /etc/apache2/sites-available/default-ssl:
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile path/ca-cert.pem
Issue a user certificate
Generate the key: openssl genrsa -des3 -out client.key 2048
Generate the request: openssl req -new -key client.key -out lddlinan@server1.newdomain.com.csr
cp lddlinan@server1.newdomain.com.csr newCA/
make sign
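This generates the user's certificate. For IE to recognize it, one option is to convert it to p12 format:
Generate a certificate that IE accepts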
openssl pkcs12 -export -in input.crt -inkey input.key -certfile root.crt -out bundle.p12
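After importing it into IE, the user can be identified through environment variables. Note that some environment variables have been renamed; the one to use here is SSL_CLIENT_S_DN_CN.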
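An added example (not part of the original notes): because SSLVerifyClient is set to optional, a request without a certificate still reaches the CGI script, so the script should trust SSL_CLIENT_S_DN_CN only when mod_ssl reports SSL_CLIENT_VERIFY=SUCCESS. It assumes SSLOptions +StdEnvVars is enabled so that these variables are exported to CGI; the function names, the issuer CN "Example Root CA" and the sample environments are constructed for illustration.

```python
#!/usr/bin/env python3
"""Identify a client-certificate user from mod_ssl CGI variables (added example)."""
import os

# Constructed sample environments (not captured from a real server).
SAMPLE_VERIFIED = {
    "HTTPS": "on",
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN_CN": "alice",
    "SSL_CLIENT_I_DN_CN": "Example Root CA",  # assumed CN of the CA made by "make init"
}
SAMPLE_NO_CERT = {"HTTPS": "on", "SSL_CLIENT_VERIFY": "NONE"}
SAMPLE_OTHER_CA = dict(SAMPLE_VERIFIED, SSL_CLIENT_I_DN_CN="Some Other CA")
SAMPLE_BAD_CN = dict(SAMPLE_VERIFIED, SSL_CLIENT_S_DN_CN="alice\nadmin")


def identify_client(environ, expected_issuer_cn=None):
    """Return (user, reason); user is None unless the certificate was verified."""
    if environ.get("HTTPS", "").lower() != "on":
        return None, "not an SSL request"

    # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    # With "SSLVerifyClient optional" the value NONE is a normal, allowed request.
    verify = environ.get("SSL_CLIENT_VERIFY", "")
    if verify != "SUCCESS":
        return None, "certificate not verified: %s" % (verify or "unset")

    # Optionally pin the issuing CA by its common name.
    if expected_issuer_cn is not None:
        if environ.get("SSL_CLIENT_I_DN_CN", "") != expected_issuer_cn:
            return None, "unexpected issuer"

    # Reject an empty CN or one with control characters before it is used
    # as an identity or written to a log.
    cn = environ.get("SSL_CLIENT_S_DN_CN", "")
    if not cn or not cn.isprintable():
        return None, "missing or malformed CN"
    return cn, "ok"


def respond(environ, expected_issuer_cn=None):
    """Build the CGI response text for one request environment."""
    user, reason = identify_client(environ, expected_issuer_cn)
    if user is None:
        return ("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n"
                "Denied: %s\n" % reason)
    return "Content-Type: text/plain\r\n\r\nHello, %s\n" % user


if __name__ == "__main__":
    if "GATEWAY_INTERFACE" in os.environ:
        # Running under the web server: use the real request environment.
        print(respond(os.environ, "Example Root CA"), end="")
    else:
        # Offline demo on the constructed samples.
        for sample in (SAMPLE_VERIFIED, SAMPLE_NO_CERT,
                       SAMPLE_OTHER_CA, SAMPLE_BAD_CN):
            print(identify_client(sample, "Example Root CA"))
```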
All CGI variables
Variable Name | Type | HTTP Server Type | Description |
---|---|---|---|
ACCEPT_RANGES | Non-SSL | original | Server API only. Used to accept ranges other than bytes. Example: bytes |
ALL_VARIABLES | Non-SSL | original (server API only) | All the CGI environment variables. |
AUTH_TYPE | Non-SSL | all | If the server supports client authentication and the script is a protected script, this environment variable contains the method that is used to authenticate the client. Example: Cert_Or_Basic |
CGI_ASCII_CCSID | Non-SSL | all | Contains the ASCII CCSID the server used when converting CGI input data. If the server did not perform any conversion, (for Example, in %%BINARY%% mode), the server sets this value to the DefaultNetCCSID configuration directive value. Example: 819 |
CGI_EBCDIC_CCSID | Non-SSL | all | Contains the EBCDIC CCSID under which the current server job is running (DefaultFsCCSID configuration directive). It also represents the current job CCSID that is used during server conversion (if any) of CGI input data. Example: 37 |
CGI_MODE | Non-SSL | all | Contains the CGI conversion mode the server is using for this request. The program can use this information to determine what conversion, if any, was performed by the server on CGI input data and what format that data is currently in. Example: %%EBCDIC%% |
CGI_OUTPUT_MODE | Non-SSL | all | Determines which output conversion mode the server is using. Example: %%EBCDIC%% |
ClassPath | Non-SSL | Apache | Used with the SetEnv or SetEnvIf directive to provide the JavaClassPath for Java™ CGI programs. Example: /directory1/directory1a:/directory2/:/directory3/ |
CLIENT_ADDR | Non-SSL | original (server API only) | The IP address for the client. Example: 10.10.2.3 |
CLIENT_AUTH | Non-SSL | original (server API only) | Defines client authentication as on or off. Example ON. |
CLIENTMETHOD | Non-SSL | original (server API only) | The HTTP method that is used in the request. |
CLIENT_NAME | Non-SSL | original (server API only) | The host name of the machine making the request. Example: SMITH |
CLIENT_PROTOCOL | Non-SSL | original (server API only) | The name and version of the protocol the client is using to make the request. Example: HTTP |
CONNECTIONS | Non-SSL | original (server API only) | The number of connections being served, or number of active requests. Example: 15 |
CONTENT_CHARSET | Non-SSL | original (server API only) | The character set of the response for text/*. Example: US ENGLISH |
CONTENT_LENGTH | Non-SSL | all | When the method of POST is used to send information, this variable contains the number of characters. Servers typically do not send an end-of-file flag when they forward the information by using stdin. If needed, you can use the CONTENT_LENGTH value to determine the end of the input string. Example: 7034 |
CONTENT_TYPE | Non-SSL | all | When information is sent with the method of POST, this variable contains the type of data included. You can create your own content type in the server configuration file and map it to a viewer. Example: Application/x-www-form-urlencoded |
CONTENT_TYPE_PARAMETERS | Non-SSL | original (server API only) | The other MIME attributes, but not the character set. |
DATE_GMT | Non-SSL | Apache (SSI only) | The current date and time in Greenwich Mean Time. Example: 2000/12/31:03:15:20 |
DATE_LOCAL | Non-SSL | Apache (SSI only) | The current date and time in the local time zone. Example: 2000/08/14:15:40:10 |
DOCUMENT_NAME | Non-SSL | all | The file name of the document requested by the user. Example: /www/myserver/htdocs/html/hello.html |
DOCUMENT_PATH_INFO | Non-SSL | Apache (SSI only) | Contains the additional path information as sent by the Web browser for SSI. Example: /wizard |
DOCUMENT_ROOT | Non-SSL | all | Sets the directory from which the HTTP Server will serve files. The server appends the path from the requested URL to the document root and makes the path to the document. Example: /www/myserver/htdocs |
DOCUMENT_URI | Non-SSL | all | The URI of the document requested by the user. Example: /html/hello.html Note: The DOCUMENT_URI and DOCUMENT_URL environment variables are identical. |
DOCUMENT_URL | Non-SSL | all | The URL of the document requested by the user. Example: /html/hello.html Note: The DOCUMENT_URI and DOCUMENT_URL environment variables are identical. |
DTW_IS_ALLOWED_CLUSTER_ENABLED | Non-SSL | original | This is a single symbol (flag) containing TRUE or FALSE. TRUE means the macro is allowed to be cluster-enabled (it is allowed to run across a cluster) and FALSE means the macro is not allowed to be cluster-enabled (it is not allowed to run across a cluster). This variable is initialized by Net.Data® and cannot be modified. The macro is cluster-enabled only if DTW_IS_ALLOWED_CLUSTER_ENABLED is set to "TRUE" and the macro is persistent. Example: TRUE |
ERRORINFO | Non-SSL | original (server API only) | Specifies the error code to determine the error page. Example: 401 |
EXPIRES | Non-SSL | original (server API only) | Defines the expiration for documents that are stored in a proxy's cache. Example: Thu, 01 Dec 2002 16:00:00 GMT |
FSCP | Non-SSL | all | The EBCDIC CCSID used to translate the data. Example: 37 |
GATEWAY_INTERFACE | Non-SSL | all | Contains the version of CGI that the server is using. Example: CGI/1.1 |
HTTP_ACCEPT | Non-SSL | all | Contains the list of MIME types the browser accepts. Example: image/gif,image/x-xbitmap,image/jpeg,image/pjeg,image/pgn,*/* Note: The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return the environment variable. |
HTTP_ACCEPT_CHARSET | Non-SSL | all | Contains the list of character sets the browser accepts. Example: iso-8859-1,*,utf-8 Note: The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return the environment variable. |
HTTP_ACCEPT_ENCODING | Non-SSL | all | Contains the list of encoding protocols the browser accepts. Example: gzip Note: The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return the environment variable. |
HTTP_ACCEPT_LANGUAGE | Non-SSL | all | Contains the list of languages the browser accepts. Example: de,fr,en Note: The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return the environment variable. |
HTTP_CONNECTION | Non-SSL | all | The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return to the environment variable. Example: Keep-Alive |
HTTP_COOKIE | Non-SSL | all | User defined cookie for the response. Example: w3ibmTest=true |
HTTP_HOST | Non-SSL | all | Contains the HTTP host URL. Example: IBM®.COM Note: The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return the environment variable. |
HTTP_REASON | Non-SSL | original (server API only) | Sets the reason string in the HTTP response header. Example: "Not Modified" |
HTTP_RESPONSE | Non-SSL | original (server API only) | Sets the response code in the HTTPS response header. Example: 304 |
HTTP_USER_AGENT | Non-SSL | all | Contains the name of your browser (web client). It includes the name and version of the browser, requests that are made through a proxy, and other information. Example: Mozilla/4.72 [en ](WinNT;U) Note: The header lines received from the client, if any, are placed into the environment variable with the prefix HTTP_* followed by the header name. The header will return the environment variable. |
IBM_CCSID_VALUE | Non-SSL | all | The CCSID under which the current server job is running. Example: 37 |
INIT_STRING | Non-SSL | original (server API only) | The string specified on the ServerInit directive. |
LAST_MODIFIED | Non-SSL | original (server API only) and Apache | The last modification date of the document requested by the user. Example: 2000/12/31:09:45:20 |
LOCAL_VARIABLES | Non-SSL | original (server API only) | All the user-defined variables. |
NETCP | Non-SSL | all | The default ASCII CCSID used to translate the data. Example: 819 |
PASSWORD | Non-SSL | original (server API only) | For authentication, contains the decoded password. Example: password Note: (iSeries™ passwords are not returned) The HTTP Server (original) does not allow access to the PASSWORD variable if the authorization is configured which uses user profiles and passwords for authentication. To prevent an application from obtaining a user profile password, HTTPD_extract() is sensitive to the type of protect setups that are currently configured. If a protection setup is configured with a password file of %%SYSTEM%% (protection requiring user profile password), HTTP_extract() for PASSWORD returns HTTP_PARAMETER_ERROR and sets the value parameter to *CONFLICT. Otherwise, HTTP_extract() returns the appropriate value. |
PATH_INFO | Non-SSL | all | Contains the additional path information as sent by the web browser. Example: /wizard |
PATH_TRANSLATED | Non-SSL | all | Contains the decoded or translated version of the path information that is contained in PATH_INFO, which takes the path and does any virtual-to-physical mapping to it. Example: /wwwhome/wizard |
PEAKCONNECTIONS | Non-SSL | original (server API only) | Defines the peak number of connections the server allows. Example: 45 |
PPATH | Non-SSL | original (server API only) | The partially translated path. Example: /wwwhome/wizard |
PROXY_ACCESS | Non-SSL | original (server API only) | Defines whether the request is a proxy request or not. Example: NO |
PROXY_CONTENT_LENGTH | Non-SSL | original (server API only) | The Content-Length header of the proxy request that is made through HTTPD_proxy. When information is sent with the method of POST, this variable contains the number of characters. Servers typically do not send an end-of-file flag when they forward the information by using stdin. If required, you can use the CONTENT_LENGTH value to determine the end of the input string. Example: 7034 |
PROXY_CONTENT_TYPE | Non-SSL | original (server API only) | The Content-Type header of the proxy request that is made through HTTPD_proxy. When information is sent with the method of POST, this variable contains the type of data included. You can create your own content type in the server configuration file and map it to a viewer. Example: application/x-www-form-urlencoded |
PROXY_METHOD | Non-SSL | original (server API only) | The method for the request that is made through HTTPD_proxy. Example: GET |
QUERY_STRING | Non-SSL | all | When information is sent using a method of GET, this variable contains the information in a query that follows the "?". The string is coded in the standard URL format of changing spaces to "+" and encoding special characters with "%xx" hexadecimal encoding. The CGI program must decode this information. Example: NAME=Eugene+T%2E+Fox=etfox%7Cibm.net=xyz Note: The supported maximum size of QUERY_STRING is 4K for HTTP Server (original) and 8K for HTTP Server (powered by Apache). |
QZHBHA_MODEL | Non-SSL | original | Model of the highly available Web server. Example: PRIMARYBACKUP |
QZHBIS_FIRST_REQUEST | Non-SSL | original | This environment variable indicates to a CGI program if this is a subsequent request of some session. The Web server sets this variable to 1 if this is not a subsequent request of any session (this is potentially the first request of a new session). The Web server sets this variable to 0 if this is a subsequent request of some session. Example: 0 |
QZHBIS_CLUSTER_ENABLED | Non-SSL | original | This environment variable indicates to the CGI program that the CGI program is allowed to be cluster-enabled if the request does not belong to any existing session (QZHBIS_FIRST_REQUEST is set to 1). This environment variable indicates to the CGI program that the CGI program is cluster-enabled (QZHBIS_FIRST_REQUEST set to "0"). When the Web server receives a first request to a CGI, it decides if the CGI program is allowed to be cluster-enabled. If the CGI program is allowed to be cluster-enabled, the Web server sets the QZHBIS_CLUSTER_ENABLED environment variable to 1; otherwise the Web server does not define the QZHBIS_CLUSTER_ENABLED environment variable. When the Web server receives a subsequent request to a CGI, it looks to see if the session is cluster-enabled. If the session is cluster-enabled, the Web server sets the QZHBIS_CLUSTER_ENABLED environment variable to 1; otherwise the Web server does not define the QZHBIS_CLUSTER_ENABLED environment variable. Example: 1 |
QZHBNEXT_SESSION_HANDLE | Non-SSL | original | This environment variable contains a new session handle for a CGI program to use. If the CGI program is cluster-disabled, it may ignore this session handle. The Web server generates a session handle and sets the QZHBNEXT_SESSION_HANDLE environment variable to this value. If the CGI program decides to be cluster-enabled, it must use the passed session handle in the URLs of subsequent requests; otherwise, the Web server will not associate subsequent requests with this session. Example: 8B739003AB741824899F0004AC009021 |
QZHBRECOVERY | Non-SSL | original | Contains whether the highly available Web server has gone through a recovery (primary to backup or backup to primary). If this environment variable is present, recovery has occurred. If it is not present, then recovery has not occurred. |
REDIRECT_QUERY_STRING | Non-SSL | Apache | Contains QUERY_STRING from a re-directed request. Example: NAME=Eugene+T%2E+Fox=etfox%7Cibm.net=xyz |
REDIRECT_QUERY_URL | Non-SSL | Apache | This environment variable is used in the primary/backup models only. This environment variable is used to indicate to a cluster-enabled CGI program that it should perform a recovery operation (for example, restore its state). The Web server passes a session handle to the CGI program through the QZHBRECOVERY environment variable. The Web server passes the CGI's state to the CGI program. If there is no recovery, this environment variable is undefined. In the primary/backup model, the high availability CGI is also treated as a persistent CGI. The high availability CGI state information can also be retained in the CGI job. The next request for the next step in the CGI is automatically run in the same job. Therefore, the CGI program can skip reading its state unless this environment variable is defined. Example: 4D868803AB731824899F0004AC009021 |
REFERRER | Non-SSL | Apache | Contains the referrer. Example: http://www.myserver.com/cgi-bin/ |
REFERRER_URL | Non-SSL | all | Contains the referrer URL. Example: http://WWW.MYSERVER.COM:8080/perlSetEnv/ |
REMOTE_ADDR | Non-SSL | all | Contains the IP address of the remote host (web browser) that is making the request, if available. Example: 10.10.2.3 |
REMOTE_HOST | Non-SSL | original | Contains the host name of the web browser that is making the request, if available. Example: www.mybusiness.com |
REMOTE_PORT | Non-SSL | Apache | Contains the remote user port number. Example: 3630 |
REMOTE_IDENT | Non-SSL | all | Contains the user ID of the remote user. Example: MyIdentityx |
REMOTE_USER | Non-SSL | all | If you have a protected script and the server supports client authentication, this environment variable contains the user name that is passed for authentication. Example: SMITH |
REQHDR | Non-SSL | original (server API only) | Contains all of the headers received from the client separated by Carriage Return/Line Feed (/r/n). |
REQUEST_CONTENT_LENGTH | Non-SSL | original (server API only) | When information is sent with the method of POST, this variable contains the number of characters. The server typically does not send an end-of-file flag when it forwards the information by using stdin. If required, you can use the CONTENT_LENGTH value to determine the end of the input string. Example: 7034 |
REQUEST_CONTENT_TYPE | Non-SSL | original (server API only) | When information is sent with the method of POST, this variable contains the type of data included. You can create your own content type in the server configuration file and map it to a viewer. Example: application/x-www-form-urlencoded |
REQUEST_METHOD | Non-SSL | all | Contains the method (as specified with the METHOD attribute in an HTML form) that is used to send the request. Example: GET |
REQUEST_URI | Non-SSL | Apache | Specifies URI to be requested. Example: /cgi-bin/hello.pgm |
RULE_FILE | Non-SSL | all | Specifies rule file to be used. Example: /www/myserver/conf/httpd.conf |
SCRIPT_FILENAME | Non-SSL | Apache | The file name of the document requested by the user. Example: /QSYS.LIB/CGI.LIB/HELLO.PGM |
SCRIPT_NAME | Non-SSL | all | A virtual path to the program being run. Use this for self-referring URLs. Example: /cgi-bin/hello.pgm |
SERVER_ADDR | Non-SSL | all | Contains the address of the server. Example: 10.10.2.3 |
SERVER_ADMIN | Non-SSL | Apache | Contains information about the server administrator. Example: [no address given ] |
SERVER_NAME | Non-SSL | all | Contains the server host name or IP address of the server. Example: 10.9.8.7 |
SERVER_PORT | Non-SSL | all | Contains the port number to which the client request was sent. Example: 2001 |
SERVER_PROTOCOL | Non-SSL | all | Contains the name and version of the information protocol that is used to make the request. Example: HTTP/1.0 |
SERVER_ROOT | Non-SSL | original | Sets the directory in which the server lives. It will typically contain the subdirectories like conf/ and logs/. Paths for other configuration fields are taken as relative to this directory. Example: /myserver/main/ |
SERVER_SIGNATURE | Non-SSL | all | Allows configuration of a trailing footer line under server generated documents like error messages, mod_proxy ftp directory listings, and mod_info output. Enabling the footer line allows the user to tell which chained servers in a proxy chain produced a returned error message. Example: On |
SERVER_SOFTWARE | Non-SSL | all | Contains the name and version of the information server software that is answering the request. Example: IBM-HTTP-SERVER/1.0 |
SSI_DIR | Non-SSL | all | The path of the current file relative to SSI_ROOT. If the current file is in SSI_ROOT, this value is "/". Example: ssi_child_dir/ |
SSI_FILE | Non-SSL | all | The file name of the current file. Example: ssi_parent.shtml |
SSI_INCLUDE | Non-SSL | all | The value that is used in the include command that retrieved this file. This is not defined for the topmost file. Example: ssi_child_dir/ssi_child.shtml |
SSI_PARENT | Non-SSL | all | The path and file name of the include, relative to SSI_ROOT. Example: ssi_parent.shtml |
SSI_ROOT | Non-SSL | all | The path of the topmost file. All include requests must be in this directory or a child of this directory. Example: <!--#echo var=SSI_DIR --> Note: You can use echo to display a value set by the set or global directives. |
UNIQUE_ID | Non-SSL | Apache | Provides a unique magic token and acts as the identifier across all requests under very specific conditions. Example: aK8YOAkFBZkAABsuEC4AAACB |
URI | Non-SSL | original (server API only) | The URL of the document requested by the user. Example: /cgi-bin/hello.pgm |
URL | Non-SSL | original (server API only) | The URL of the document requested by the user. Example: /cgi-bin/hello.pgm |
USERID | Non-SSL | original (server API only) | If you have a protected script and the server supports client authentication, this environment variable contains the user name that is passed for authentication. Example: SMITH |
USERNAME | Non-SSL | original (server API only) | If you have a protected script and the server supports client authentication, this environment variable contains the user name that is passed for authentication. Example: SMITH |
HTTPS | SSL | all | Returns ON if the system has completed an SSL handshake. It returns OFF if the exchange of signals to set up communications between two modems has failed. Example: OFF |
HTTPS_CIPHER | SSL | all | This is the cipher that is used to negotiate with the client on the SSL handshake. Example: SSL_RSA_WITH_RC4_128_MD5 |
HTTPS_CLIENT_CERT | SSL | all | The entire certificate passed to the server from the client browser when SSL client authentication is enabled. The format of the certificate is a BASE64 encoded string that represents the DER format of the X.509 certificate. As an environment variable the BASE64 encoded string has been converted to EBCDIC and must be converted back to ASCII before it can be used for typical digital certificate API's. Example: MIIC0DCCAbigAwIBAgIHOL2Yx... |
HTTPS_CLIENT_CERT_COMMON_NAME | SSL | all | The common name from the client certificate's distinguished name. Example: SMITH |
HTTPS_CLIENT_CERT_COUNTRY | SSL | all | The country code from the client certificate's distinguished name. Example: US |
HTTPS_CLIENT_CERT_DN | SSL | all | The client certificate's distinguished name. Example: :cn=CAPTAIN,ou=downtown,o=fire fighters,l=Minot,st=North Dakota,c=US |
HTTPS_CLIENT_CERT_EMAIL | SSL | Apache | The email of the client owning the certificate. Example: me@mycompany.com |
HTTPS_CLIENT_CERT_ISSUER_COMMON_NAME | SSL | all | The common name of the certificate authority that issued the client's certificate. Example: SMITH |
HTTPS_CLIENT_CERT_ISSUER_COUNTRY | SSL | all | The country code of the certificate authority that issued the client's certificate. Example: US |
HTTPS_CLIENT_CERT_ISSUER_DN | SSL | all | The distinguished name of the certificate authority that issued the client's certificate. Example: :cn=testsystem.ibm.com CA,ou=Test Organization Unit,o=System test, l=Rochester,st=Minnesota,c=US |
HTTPS_CLIENT_CERT_ISSUER_EMAIL | SSL | all | The e-mail address of the certificate authority that issued the client's certificate. Example: me@mydomain.net |
HTTPS_CLIENT_CERT_ISSUER_LOCALITY | SSL | all | The locality or city of the certificate authority that issued the client's certificate. Example: New York |
HTTPS_CLIENT_CERT_ISSUER_ORG_UNIT | SSL | all | The organizational unit of the certificate authority that issued the client's certificate. Example: bird watchers |
HTTPS_CLIENT_CERT_ISSUER_ORGANIZATION | SSL | all | The organization name of the certificate authority that issued the client's certificate. Example: dove |
HTTPS_CLIENT_CERT_ISSUER_POSTAL_CODE | SSL | Apache | The postal code of the certificate authority that issued the client's certificate. Example: 12344-6789 |
HTTPS_CLIENT_CERT_ISSUER_STATE_OR_PROVINCE | SSL | all | The state or province of the certificate authority that issued the client's certificate. Example: North Dakota |
HTTPS_CLIENT_CERT_LEN | SSL | all | The length of the certificate passed in HTTPS_CLIENT_CERT. Example: 968 |
HTTPS_CLIENT_CERT_LOCALITY | SSL | all | The locality or city of the client certificate's distinguished name. Example: New York |
HTTPS_CLIENT_CERT_ORG_UNIT | SSL | all | The organization unit name from the client certificate's distinguished name. Example: Pack234 |
HTTPS_CLIENT_CERT_ORGANIZATION | SSL | all | The organization name from the client certificate's distinguished name. Example: Scouts |
HTTPS_CLIENT_CERT_POSTAL_CODE | SSL | Apache | The postal code assigned by the issuing certificate authority. Example: 80525 |
HTTPS_CLIENT_CERT_SERIAL_NUM | SSL | all | The serial number assigned by the issuing certificate authority. Example: 3F:E4:83:81:02:D5:58 |
HTTPS_CLIENT_CERT_STATE_OR_PROVINCE | SSL | all | The state or province from the client certificate's distinguished name. Example: Alberta |
HTTPS_CLIENT_ISSUER_EMAIL | SSL | Apache | Contains the email address of the Certificate Authority that issued the certificate. Example: jones@mydomain.net |
HTTPS_KEYSIZE | SSL | all | If a valid security product is installed and the SSLMode directive is SSLMode=ON, this will be set to the size of the bulk encryption key used in the SSL session. Example: [ 128 ] |
HTTPS_PORT | SSL | original | For HTTP Server (original), if a valid security product is installed and the SSLMode directive is SSLMode=ON, this environment variable contains the SSL port number the server is listening on. Example: 443 Note: HTTP Server (powered by Apache) must set this environment variable in the configuration file. Add to your config file "SetEnv HTTPS_PORT nnnnn" where nnnnn is the https port matching the secure port for the context that it applies to (server config or specific to virtual host). |
HTTPS_SESSION_ID | SSL | all | Set to NULL by default when used with HTTP Server (powered by Apache). |
HTTPS_SESSION_ID_NEW | SSL | all | If the value is TRUE, it indicates that a full handshake was performed for this SSL session. If the value is FALSE, it indicates that an abbreviated handshake was performed for this SSL session. Example: True |
SSL_CIPHER | SSL | Apache | This is the cipher that is used to negotiate with the client on the SSL handshake. Example: SSL_RSA_WITH_RC4_128_MD5 |
SSL_CLIENT_C | SSL | Apache | The country code from the client certificate's distinguished name. Example: USA |
SSL_CLIENT_CERTBODY | SSL | Apache | The entire certificate passed to the server from the client browser when SSL Client authentication is enabled. The format of the certificate is a BASE64 encoded string that represents the DER format of the X.509 certificate. As an environment variable the BASE64 encoded string has been converted to EBCDIC and must be converted back to ASCII before it can be used for typical digital certificate API's. Example: MIIC0DCCAbigAwIBAgIHOL2Yx... |
SSL_CLIENT_CERTBODYLEN | SSL | Apache | The length of the certificate passed in SSL_CLIENT_CERT. Example: 828 |
SSL_CLIENT_CERT_EMAIL | SSL | Apache | The email of the client owning the certificate. Example: me@mycompany.com |
SSL_CLIENT_CN | SSL | Apache | The common name from the client certificate's distinguished name. Example: SMITH |
SSL_CLIENT_DN | SSL | Apache | The client's distinguished name. Example: :cn=CAPTAIN,ou=downtown,o=fire fighters,l=Minot,st=North Dakota,c=US HTTPS_CLIENT_CERT_DN :cn=CAPTAIN,ou=downtown,o=fire fighters,l=Minot,st=North Dakota,c=US |
SSL_CLIENT_ICN | SSL | Apache | The common name of the certificate authority that issued the client's certificate. Example: SMITH |
SSL_CLIENT_IC | SSL | Apache | The country code of the certificate authority that issued the client's certificate. Example: CA |
SSL_CLIENT_IDN | SSL | Apache | The distinguished name of the certificate authority that issued the client's certificate. Example: :cn=testsystem.ibm.com CA,ou=Test Organization Unit,o=System test, l=Rochester,st=Minnesota,c=US |
SSL_CLIENT_EMAIL | SSL | Apache | The e-mail of the certificate authority that issued the client's certificate. Example: me@mycompany.com |
SSL_CLIENT_IL | SSL | Apache | The locality of the certificate authority that issued the client's certificate. Example: New York |
SSL_CLIENT_IO | SSL | Apache | The organization name of the certificate authority that issued the client's certificate. Example: bird watchers |
SSL_CLIENT_IOU | SSL | Apache | The organizational unit of the certificate authority that issued the client's certificate. Example: bird watchers |
SSL_CLIENT_IPC | SSL | Apache | The postal code of the certificate authority that issued the client's certificate. Example: 55901 |
SSL_CLIENT_IST | SSL | Apache | The state or province of the certificate authority that issued the client's certificate. Example: MNA |
SSL_CLIENT_L | SSL | Apache | The locality or city of the client certificate's distinguished name. Example: New York |
SSL_CLIENT_NEWSESSIONID | SSL | Apache | If the value is TRUE, it indicates that a full handshake was performed for this SSL session. If the value is FALSE, it indicates that an abbreviated handshake was performed for this SSL session. Example: True |
SSL_CLIENT_O | SSL | Apache | The organization name from the client certificate's distinguished name. Example: bird watchers |
SSL_CLIENT_OU | SSL | Apache | The organizational unit name from the client certificate's distinguished name. Example: bird watchers |
SSL_CLIENT_PC | SSL | Apache | The postal code from the client certificate's distinguished name. Example: 58401 |
SSL_CLIENT_SERIALNUM | SSL | Apache | The serial number assigned by the issuing certificate authority. Example: 3F:E4:83:81:02:D5:58 |
SSL_CLIENT_SESSIONID | SSL | Apache | If the value is TRUE, it indicates that a full handshake was performed for this SSL session. If the value is FALSE, it indicates that an abbreviated handshake was performed for this SSL session. Example: True |
SSL_CLIENT_ST | SSL | Apache | The state or province from the client certificate's distinguished name. Example: North Dakota |
SSL_PROTOCOL_VERSION | SSL | Apache | The SSL protocol version negotiated on the SSL handshake with the client. Example: SSLV3 |
SSL_SERVER_C | SSL | Apache | The country where the server is located in. Example: Denmark |
SSL_SERVER_CN | SSL | Apache | The common name from the server certificate's distinguished name. Example: WWW.MYDOMAIN.COM |
SSL_SERVER_DN | SSL | Apache | The server's distinguished name. Example: :cn=TESTSYSTEM.IBM.COM,ou=MyTestOrganizationUnit, o=Software test, l=Rochester,st=Minnesota,c=US |
SSL_SERVER_EMAIL | SSL | Apache | The e-mail address of the server certificate. Example: me@mydomain.net |
SSL_SERVER_L | SSL | Apache | The locality of the server certificate's distinguished name. Example: New York |
SSL_SERVER_OU | SSL | Apache | The organization unit name from the server certificate's distinguished name. Example: bird watchers |
SSL_SERVER_O | SSL | Apache | The organization name from the server certificate's distinguished name. Example: bird watchers |
SSL_SERVER_ST | SSL | Apache | The state or province from the server certificate's distinguished name. Example: North Dakota |
HTTP_AS_AUTH_PROFILETKN | SSL and Non-SSL | Apache | A 32-bit value used to identify or authenticate the user. See the ProfileToken directive for more information. |
QIBM_CGI_LIBRARY_LIST | Non-SSL | Apache | This variable is used to set the CGI jobs' library list. The variable can be set using the SetEnv directive. See the SetEnv directive for more information. |
However, some variables have been renamed: http://www.modssl.org/docs/2.8/ssl_compat.html
Old Variable | mod_ssl Variable | Comment |
---|---|---|
SSL_PROTOCOL_VERSION | SSL_PROTOCOL | renamed |
SSLEAY_VERSION | SSL_VERSION_LIBRARY | renamed |
HTTPS_SECRETKEYSIZE | SSL_CIPHER_USEKEYSIZE | renamed |
HTTPS_KEYSIZE | SSL_CIPHER_ALGKEYSIZE | renamed |
HTTPS_CIPHER | SSL_CIPHER | renamed |
HTTPS_EXPORT | SSL_CIPHER_EXPORT | renamed |
SSL_SERVER_KEY_SIZE | SSL_CIPHER_ALGKEYSIZE | renamed |
SSL_SERVER_CERTIFICATE | SSL_SERVER_CERT | renamed |
SSL_SERVER_CERT_START | SSL_SERVER_V_START | renamed |
SSL_SERVER_CERT_END | SSL_SERVER_V_END | renamed |
SSL_SERVER_CERT_SERIAL | SSL_SERVER_M_SERIAL | renamed |
SSL_SERVER_SIGNATURE_ALGORITHM | SSL_SERVER_A_SIG | renamed |
SSL_SERVER_DN | SSL_SERVER_S_DN | renamed |
SSL_SERVER_CN | SSL_SERVER_S_DN_CN | renamed |
SSL_SERVER_EMAIL | SSL_SERVER_S_DN_Email | renamed |
SSL_SERVER_O | SSL_SERVER_S_DN_O | renamed |
SSL_SERVER_OU | SSL_SERVER_S_DN_OU | renamed |
SSL_SERVER_C | SSL_SERVER_S_DN_C | renamed |
SSL_SERVER_SP | SSL_SERVER_S_DN_SP | renamed |
SSL_SERVER_L | SSL_SERVER_S_DN_L | renamed |
SSL_SERVER_IDN | SSL_SERVER_I_DN | renamed |
SSL_SERVER_ICN | SSL_SERVER_I_DN_CN | renamed |
SSL_SERVER_IEMAIL | SSL_SERVER_I_DN_Email | renamed |
SSL_SERVER_IO | SSL_SERVER_I_DN_O | renamed |
SSL_SERVER_IOU | SSL_SERVER_I_DN_OU | renamed |
SSL_SERVER_IC | SSL_SERVER_I_DN_C | renamed |
SSL_SERVER_ISP | SSL_SERVER_I_DN_SP | renamed |
SSL_SERVER_IL | SSL_SERVER_I_DN_L | renamed |
SSL_CLIENT_CERTIFICATE | SSL_CLIENT_CERT | renamed |
SSL_CLIENT_CERT_START | SSL_CLIENT_V_START | renamed |
SSL_CLIENT_CERT_END | SSL_CLIENT_V_END | renamed |
SSL_CLIENT_CERT_SERIAL | SSL_CLIENT_M_SERIAL | renamed |
SSL_CLIENT_SIGNATURE_ALGORITHM | SSL_CLIENT_A_SIG | renamed |
SSL_CLIENT_DN | SSL_CLIENT_S_DN | renamed |
SSL_CLIENT_CN | SSL_CLIENT_S_DN_CN | renamed |
SSL_CLIENT_EMAIL | SSL_CLIENT_S_DN_Email | renamed |
SSL_CLIENT_O | SSL_CLIENT_S_DN_O | renamed |
SSL_CLIENT_OU | SSL_CLIENT_S_DN_OU | renamed |
SSL_CLIENT_C | SSL_CLIENT_S_DN_C | renamed |
SSL_CLIENT_SP | SSL_CLIENT_S_DN_SP | renamed |
SSL_CLIENT_L | SSL_CLIENT_S_DN_L | renamed |
SSL_CLIENT_IDN | SSL_CLIENT_I_DN | renamed |
SSL_CLIENT_ICN | SSL_CLIENT_I_DN_CN | renamed |
SSL_CLIENT_IEMAIL | SSL_CLIENT_I_DN_Email | renamed |
SSL_CLIENT_IO | SSL_CLIENT_I_DN_O | renamed |
SSL_CLIENT_IOU | SSL_CLIENT_I_DN_OU | renamed |
SSL_CLIENT_IC | SSL_CLIENT_I_DN_C | renamed |
SSL_CLIENT_ISP | SSL_CLIENT_I_DN_SP | renamed |
SSL_CLIENT_IL | SSL_CLIENT_I_DN_L | renamed |
SSL_EXPORT | SSL_CIPHER_EXPORT | renamed |
SSL_KEYSIZE | SSL_CIPHER_ALGKEYSIZE | renamed |
SSL_SECKEYSIZE | SSL_CIPHER_USEKEYSIZE | renamed |
SSL_SSLEAY_VERSION | SSL_VERSION_LIBRARY | renamed |
SSL_STRONG_CRYPTO | - | Not supported by mod_ssl |
SSL_SERVER_KEY_EXP | - | Not supported by mod_ssl |
SSL_SERVER_KEY_ALGORITHM | - | Not supported by mod_ssl |
SSL_SERVER_KEY_SIZE | - | Not supported by mod_ssl |
SSL_SERVER_SESSIONDIR | - | Not supported by mod_ssl |
SSL_SERVER_CERTIFICATELOGDIR | - | Not supported by mod_ssl |
SSL_SERVER_CERTFILE | - | Not supported by mod_ssl |
SSL_SERVER_KEYFILE | - | Not supported by mod_ssl |
SSL_SERVER_KEYFILETYPE | - | Not supported by mod_ssl |
SSL_CLIENT_KEY_EXP | - | Not supported by mod_ssl |
SSL_CLIENT_KEY_ALGORITHM | - | Not supported by mod_ssl |
SSL_CLIENT_KEY_SIZE | - | Not supported by mod_ssl |