Moshe Katz
August 02, 2019 01:38AM
If your application is using fastcgi or proxy configuration in nginx, you
need to have nginx put the information from the certificate into a FastCGI
parameter or an http header that your application can read.

Use something like `fastcgi_param DN $ssl_client_s_dn;` for FastCGI or
`proxy_set_header X-ClientCert-DN $ssl_client_s_dn;` for proxy.

This is a good resource I have used in the past for configuring client

Alternatively, you can pass the entire certificate to your application and
let the application parse it all over again to extract what it wants with
something like this: `proxy_set_header X-SSL-CERT
$ssl_client_escaped_cert`. See here for more about that:

On Fri, Aug 2, 2019, 12:24 AM vz19 <> wrote:

> Hi,
> My application uses NGINX as its web server and I am adding support for
> client certificate authentication. I have a requirement where after NGINX
> validates the client certificate and provides access to my application, I
> need to obtain the Subject field of the client certificate to parse certain
> certificate details from my application. Is there a way to obtain this
> information from the application level or does this information reside only
> on the NGINX layer? I tried using APIs like ngx_ssl_get_subject_dn from my
> application but that didn't work. Please provide some inputs or point me in
> the right direction if I'm missing something.
> Thanks
> Posted at Nginx Forum:
> _______________________________________________
> nginx mailing list
nginx mailing list
Subject Author Posted

Client Certificate subject information

vz19 August 02, 2019 12:23AM

Re: Client Certificate subject information

Moshe Katz August 02, 2019 01:38AM

Re: Client Certificate subject information

vz19 August 02, 2019 02:15AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 263
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready