how to get common name from client cert in TLS connection instead of HTTPS
Albert Zhang
albert at plumewifi.com
Fri Sep 16 03:19:04 UTC 2016
How to get the common name from a client cert in a TLS connection instead of HTTPS? I am using TLS, not HTTPS, and want to get the common name from the client cert using the NGINX Plus AMI on AWS.
I am using AWS ELB (SSL) + nginx client certificate SSL. I know to use $ssl_client_s_dn, but how do I get/compare the value? Here is my config:
stream {
    upstream stream_backend {
        server 10.252.1.131:1983;
        server 10.252.1.131:2983;
    }
    server {
        listen 4443 ssl;
        proxy_pass stream_backend;
        proxy_ssl on;
        proxy_ssl_certificate /etc/ssl/certs/server.crt;
        proxy_ssl_certificate_key /etc/ssl/certs/server.key;
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
        # proxy_ssl_client_certificate /etc/ssl/certs/ca.pem;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca.pem;
        #proxy_ssl_session_reuse on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 4;
        # proxy_ssl_verify_client optional;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 4h;
        ssl_handshake_timeout 30s;
    }
}
albert