Hi,
I'm using ssl_client_certificate, I want to set "proxy_set_header X-Cert-DN $ssl_client_s_dn;" when I proxy.
I've ssl_verify_client set to optional - this all works great, but in the browser, the user gets a cert prompt. Is there a way I can avoid the cert prompt - so the header will get set if a cert is supplied, but otherwise it won't prompt the user? (So curl -e cert.crt https://mysite should get the cert header, but a browser shouldn't know about it).
Cheers,
Chris