Check client certificate in nginx?

acidzombie24 asked:

I can issue certificates without a problem and I can get nginx to force users to provide a certificate but how do I get nginx to give me information about the certificate? Information such as name and serial number.

My answer:


The documentation covers the various SSL variables that nginx sets.

First you have to actually set ssl_verify_client to on or optional (depending on your requirements). Since this can only be used in an http or server block, if you only want part of your site protected by client certificates, you’ll need to use optional and have the application check the verification result.

Then the verification result will be stored in $ssl_client_verify and the client certificate identity will be stored in $ssl_client_s_dn. You then only need to pass these up to your application. If you need more than the subject identity, you can pass the entire client certificate with $ssl_client_cert.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.