Welcome! Log In Create A New Profile

Advanced

Re: Client Certificate subject information

Moshe Katz
August 02, 2019 01:38AM
If your application is using fastcgi or proxy configuration in nginx, you
need to have nginx put the information from the certificate into a FastCGI
parameter or an http header that your application can read.

Use something like `fastcgi_param DN $ssl_client_s_dn;` for FastCGI or
`proxy_set_header X-ClientCert-DN $ssl_client_s_dn;` for proxy.

This is a good resource I have used in the past for configuring client
certificates:
http://blog.nategood.com/client-side-certificate-authentication-in-ngi

Alternatively, you can pass the entire certificate to your application and
let the application parse it all over again to extract what it wants with
something like this: `proxy_set_header X-SSL-CERT
$ssl_client_escaped_cert`. See here for more about that:
https://serverfault.com/a/629017/105107

On Fri, Aug 2, 2019, 12:24 AM vz19 <nginx-forum@forum.nginx.org> wrote:

> Hi,
>
> My application uses NGINX as its web server and I am adding support for
> client certificate authentication. I have a requirement where after NGINX
> validates the client certificate and provides access to my application, I
> need to obtain the Subject field of the client certificate to parse certain
> certificate details from my application. Is there a way to obtain this
> information from the application level or does this information reside only
> on the NGINX layer? I tried using APIs like ngx_ssl_get_subject_dn from my
> application but that didn't work. Please provide some inputs or point me in
> the right direction if I'm missing something.
>
> Thanks
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,285079,285079#msg-285079
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Client Certificate subject information

vz19 August 02, 2019 12:23AM

Re: Client Certificate subject information

Moshe Katz August 02, 2019 01:38AM

Re: Client Certificate subject information

vz19 August 02, 2019 02:15AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 89
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready