Thanks for your reply. My application does not require the entire certificate, so I am just forwarding $ssl_client_s_dn in a custom header without any problems. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236546,236599#msg-236599