Re: Nginx can’t proxy client certificate authentication

WoMa nginx-forum at
Sat Mar 16 18:30:16 UTC 2019

Hi Francis

I solved this problem maybe not elegantly but it works.

1) Client certificate authentication is set on the nginx side and not on

         ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;

2) Authentication is optional and not required

         ssl_verify_client optional;

3 ) In locations that require a certificate (/ polishapi and /
identityserver), it is verified if the authentication was successful
client's certificate, if not, error 403 is returned - access denied

        if ($ssl_client_verify != SUCCESS) {
            return 403;

I tested on IE 11, FF 65 and Chrome 72 the behavior was correct.

Good luck,

Posted at Nginx Forum:,283393,283401#msg-283401

More information about the nginx mailing list