Need client cert common name as user

Maxim Dounin mdounin at
Tue Sep 20 23:05:26 UTC 2011


On Tue, Sep 20, 2011 at 06:39:08PM -0400, sailorfred wrote:

> I'm in the process of converting from lighttpd to nginx, but I'm not
> finding an equivalent of the lighttpd directive:
> ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
> This sets the REMOTE_USER environment variable for the backend FastCGI
> process, and logs the common name into the access log.
> Is it possible to do this in nginx?

There is no direct replacement.  If you are ok with full cert subject 
DN as a user name, use something like this:

    fastcgi_pass ...
    fastcgi_param REMOTE_USER $ssl_client_s_dn;

Extracting only CN should be possible with "if" directive, though 
will require writing some regexp to parse CN from DN.  (And please 
make sure to read as "if" may cause 
problems by itself if used in location context.)

Maxim Dounin
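
An added example, not part of the original message or of nginx's own documentation: one way to extract the CN with a "map" block instead of "if" in location context, failing closed when no CN is found. It assumes nginx 1.11.6 or later, where $ssl_client_s_dn is in RFC 2253 form, and a client CA that issues subjects with the CN as the first component; the names $client_cn, $cn and cn_log, the host name, file paths and backend socket are placeholders.

```nginx
# http{} context. Added example; names and paths are placeholders.

# Derive the user name from the verified client certificate's subject DN.
# Assumes the RFC 2253 form, e.g. "CN=alice,OU=eng,O=Example".
# Releases before 1.11.6 emit "/O=Example/OU=eng/CN=alice" instead and
# need a different pattern.
map $ssl_client_s_dn $client_cn {
    default "";
    # Anchored at the start of the DN so that "CN=" text inside another
    # attribute's value cannot match; only allowlisted characters are
    # accepted, anything else leaves the user name empty.
    "~^CN=(?<cn>[A-Za-z0-9._@-]+)(?:,|$)" $cn;
}

# Access log format that records the CN where $remote_user would appear.
log_format cn_log '$remote_addr - $client_cn [$time_local] '
                  '"$request" $status $body_bytes_sent';

server {
    listen 443 ssl;
    server_name example.test;

    ssl_certificate         /etc/nginx/tls/server.crt;
    ssl_certificate_key     /etc/nginx/tls/server.key;
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;  # CA issuing client certs
    ssl_verify_client       on;   # requests without a valid client cert are rejected

    access_log /var/log/nginx/access.log cn_log;

    # Fail closed: a certificate whose DN did not yield a CN gets no access.
    # "return" inside a server-level "if" is a safe use of the directive.
    if ($client_cn = "") {
        return 403;
    }

    location / {
        include       fastcgi_params;
        fastcgi_param REMOTE_USER $client_cn;
        fastcgi_pass  unix:/run/app.sock;
    }
}
```

The user name is only as trustworthy as the CA named in ssl_client_certificate, so that file should contain only the CA that issues the client certificates.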
