Need client cert common name as user
Maxim Dounin
mdounin at mdounin.ru
Tue Sep 20 23:05:26 UTC 2011
Hello!
On Tue, Sep 20, 2011 at 06:39:08PM -0400, sailorfred wrote:
> I'm in the process of converting from lighttpd to nginx, but I'm not
> finding an equivalent of the lighttpd directive:
>
> ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
>
> This sets the REMOTE_USER environment variable for the backend FastCGI
> process, and logs the common name into the access log.
>
> Is it possible to do this in nginx?
There is no direct replacement. If you are ok with full cert subject
DN as a user name, use something like this:
fastcgi_pass ...
fastcgi_param REMOTE_USER $ssl_client_s_dn;
...
Extracting only CN should be possible with "if" directive, though
will require writing some regexp to parse CN from DN. (And please
make sure to read http://wiki.nginx.org/IfIsEvil as "if" may cause
problems by itself if used in location context.)
Maxim Dounin
More information about the nginx
mailing list