If your application is using fastcgi or proxy configuration in nginx, you need to have nginx put the information from the certificate into a FastCGI parameter or an http header that your application can read.
Use something like `fastcgi_param DN $ssl_client_s_dn;` for FastCGI or `proxy_set_header X-ClientCert-DN $ssl_client_s_dn;` for proxy. This is a good resource I have used in the past for configuring client certificates: http://blog.nategood.com/client-side-certificate-authentication-in-ngi Alternatively, you can pass the entire certificate to your application and let the application parse it all over again to extract what it wants with something like this: `proxy_set_header X-SSL-CERT $ssl_client_escaped_cert`. See here for more about that: https://serverfault.com/a/629017/105107 On Fri, Aug 2, 2019, 12:24 AM vz19 <[email protected]> wrote: > Hi, > > My application uses NGINX as its web server and I am adding support for > client certificate authentication. I have a requirement where after NGINX > validates the client certificate and provides access to my application, I > need to obtain the Subject field of the client certificate to parse certain > certificate details from my application. Is there a way to obtain this > information from the application level or does this information reside only > on the NGINX layer? I tried using APIs like ngx_ssl_get_subject_dn from my > application but that didn't work. Please provide some inputs or point me in > the right direction if I'm missing something. > > Thanks > > Posted at Nginx Forum: > https://forum.nginx.org/read.php?2,285079,285079#msg-285079 > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
