$ssl_client_escaped_cert forward client cert in URL encoded PEM only

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

$ssl_client_escaped_cert forward client cert in URL encoded PEM only

Lyubenov, Branimir

Hello team,

We use nginx as reverse proxy to a upstream endpoint which requires a client cert authentication. The proxy is configured to request a certificate from the browser and then to set a header in the proxy location block like:

proxy_set_header SSL_CLIENT_CERT $ssl_client_escaped_cert;


The upstream server supports PEM with some restrictions:

  1. Newlines should be replaced by space (or any whitespace)
  2. Or alternatively only the base64 content in one row (no blanks) without BEGIN.. END CERTIFICATE sections


Manipulating the upstream server is not an option. It is not another nginx instance. Is it possible to rewrite the header before it is sent by replacing all %0d and %0a with space and URL decoding a few other characters like %2f?


nginx mailing list
[hidden email]