Question

Is it possible to retrieve the client's SSL certificate from the current connection in Django? I don't see the certificate in the request context passed from lighttpd. My setup has lighttpd and Django working in FastCGI mode. Currently, I am forced to manually connect back to the client's IP to verify the certificate. Is there a clever technique to avoid this? Thanks!

Update: I added these lines to my lighttpd.conf:

ssl.verifyclient.exportcert = "enable"
setenv.add-request-header = (
    "SSL_CLIENT_CERT" => env.SSL_CLIENT_CERT
)

Unfortunately, the env.SSL_CLIENT_CERT fails to dereference (does not exist?) and lighttpd fails to start. If I replace the "env.SSL_CLIENT_CERT" with a static value like "1", it is successfully passed to Django in the request.META fields. Anything else I could try? This is lighttpd 1.4.29.


Solution

Yes. Though this question is not Django specific.

Usually web servers have an option to export SSL client-side certificate data as environment variables or HTTP headers. I have done this myself with Apache (not Lighttpd).

This is how I did it:

  1. On Apache, export SSL certificate data to environment variables

  2. Then, add new HTTP request headers containing these environment variables

  3. Read headers in Python code

http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL

Looks like the option name is ssl.verifyclient.exportcert.

Though I am not sure how to do step 2 with lighttpd, as I have little experience with it.
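
An added example (not part of the original answer) of step 3 on the Django side: it reads the exported PEM from a request.META-style dict, normalizes it and returns a SHA-256 fingerprint that can be compared against a pinned value. It assumes the certificate arrives under SSL_CLIENT_CERT (environment) or HTTP_SSL_CLIENT_CERT (header); the function names and the trust_header flag are hypothetical, and the sample certificate is constructed placeholder data.

```python
import hashlib
import re
import ssl

# Assumption: FastCGI/CGI environment variables show up in request.META under
# their own name; any key prefixed HTTP_ arrived as a request header.
ENV_KEY = "SSL_CLIENT_CERT"
HEADER_KEY = "HTTP_SSL_CLIENT_CERT"
PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"
_PEM_RE = re.compile(re.escape(PEM_BEGIN) + r"(.*?)" + re.escape(PEM_END), re.S)


def client_cert_der(meta, trust_header=False):
    """Return the client certificate as DER bytes, or None if absent/malformed."""
    pem = meta.get(ENV_KEY)
    if pem is None and trust_header:
        # Only safe when the front-end overwrites this header on every
        # request; otherwise the client controls its value.
        pem = meta.get(HEADER_KEY)
    if not pem:
        return None
    match = _PEM_RE.search(pem)
    if match is None:
        return None
    # A header cannot carry newlines, so the body may arrive space-folded
    # (assumption about the front-end); rebuild one base64 chunk per line.
    body = "\n".join(match.group(1).split())
    try:
        return ssl.PEM_cert_to_DER_cert(f"{PEM_BEGIN}\n{body}\n{PEM_END}\n")
    except ValueError:
        return None


def client_cert_fingerprint(meta, trust_header=False):
    """SHA-256 fingerprint (hex) of the presented certificate, or None."""
    der = client_cert_der(meta, trust_header)
    return hashlib.sha256(der).hexdigest() if der else None


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    print(client_cert_fingerprint({ENV_KEY: SAMPLE_PEM}))
```

In a view, pass request.META as meta. The fingerprint only identifies the certificate; verifying the chain remains the web server's job.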

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow