gpr
11/4/2013 - 8:30 AM

How to get email from X509 certificate used for client authentication. The email could be used for setting the current user in Devise or

How to get email from X509 certificate used for client authentication.

The email could be used for setting the current user in Devise or Omniauth (considering that the user has been authenticated)

Common name could be used instead of email by using SSL_CLIENT_S_DN_CN.

request.env["SSL_CLIENT_S_DN_Email"] could be used by enabling +StdEnvVars but a comment in the mod_ssl documentation claims that it's not good for performances.

SSLVerifyClient require
SSLVerifyDepth  2

<Directory /var/www/html/app1>
        RailsEnv development
        Options -MultiViews
        SSLOptions -StdEnvVars -ExportCertData
        SSLUserName SSL_CLIENT_S_DN_Email
</Directory>
def get_ssl_username
  request.env["REMOTE_USER"]
end