If your application is using fastcgi or proxy configuration in nginx, you
need to have nginx put the information from the certificate into a FastCGI
parameter or an http header that your application can read.
Use something like `fastcgi_param DN $ssl_client_s_dn;` for FastCGI or
`proxy_set_header X-ClientCert-DN $ssl_client_s_dn;` for proxy.
This is a good resource I have used in the past for configuring client
certificates:
http://blog.nategood.com/client-side-certificate-authentication-in-ngi
Alternatively, you can pass the entire certificate to your application and
let the application parse it all over again to extract what it wants with
something like this: `proxy_set_header X-SSL-CERT
$ssl_client_escaped_cert`. See here for more about that:
https://serverfault.com/a/629017/105107
On Fri, Aug 2, 2019, 12:24 AM vz19 <nginx-forum@forum.nginx.org> wrote:
> Hi,
>
> My application uses NGINX as its web server and I am adding support for
> client certificate authentication. I have a requirement where after NGINX
> validates the client certificate and provides access to my application, I
> need to obtain the Subject field of the client certificate to parse certain
> certificate details from my application. Is there a way to obtain this
> information from the application level or does this information reside only
> on the NGINX layer? I tried using APIs like ngx_ssl_get_subject_dn from my
> application but that didn't work. Please provide some inputs or point me in
> the right direction if I'm missing something.
>
> Thanks
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,285079,285079#msg-285079
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx