How to read all client chain certificates from fastcgi request.

sravanakk nginx-forum at
Thu May 9 09:01:17 UTC 2013


I configured my nginx with openssl as below:
    server {
        listen       443;
        server_name  localhost;

        ssl                  on;
        ssl_certificate     <Combined Server certificate and Root CA
        ssl_certificate_key  <Server Key>
        ssl_client_certificate <Root CA certificate>

        ssl_verify_client on;
        ssl_verify_depth 3;

        ssl_session_cache shared:SSL:64k;
        ssl_session_timeout  10m;

        ssl_ciphers  HIGH:!aNULL:!MD5;

>From client code I am sending client certificate as bellow
RootCA -> IntermediateCA -> Client

By using curl : 
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
      curl_easy_setopt(curl,CURLOPT_SSLCERT,"ClientCom.crt"); // This file
having three certificates

      if (pPassphrase)
        curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

      curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");

My Server Code: As soon as nginx server gets any request from client, below
call would be triggered from my Server as below.
ReadTLSSessionData (FCGX_Request *request)
    FCGX_GetParam("SSL_CLIENT_RAW_CERT", request->envp);
    FCGX_GetParam("SSL_CLIENT_CERT", request->envp);

Here I am receiving only one certificate from these environmental variables.
But, I want to read all three certificates which client sending in PEM
format. Then I have to verify the extensions.

What is the environmental variable which gives all certificates from

Below is my fastcgi.conf file:
fastcgi_param SSL_CLIENT_CERT       $ssl_client_cert;
fastcgi_param SSL_CLIENT_RAW_CERT   $ssl_client_raw_cert;
fastcgi_param SSL_CLIENT_S_DN       $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_I_DN       $ssl_client_i_dn;
fastcgi_param SSL_CLIENT_SERIAL     $ssl_client_serial;

Can anybody help me in this aspect!!!


Posted at Nginx Forum:,239048,239048#msg-239048

More information about the nginx mailing list