Question
I need to get the CN of a client certificate in NGINX to append it to the proxy headers.
I already found the following map code for this.
    map $ssl_client_s_dn $ssl_client_s_dn_cn {
        default "";
        ~/CN=(?<CN>[^/]+) $CN;
    }
But sadly it only returns an empty string for the following $ssl_client_s_dn: CN=testcn,O=Test Organization
I tested it with other DNs, too. But the problem is always the same.
Answer 1:
The pattern you use requires the legacy DN, since it assumes the / to separate the RDNs. So (since nginx v1.11.6) the following works:
    map $ssl_client_s_dn_legacy $ssl_client_s_dn_cn {
        default "";
        ~/CN=(?<CN>[^/]+) $CN;
    }
With $ssl_client_s_dn_legacy: /O=Test Organization/CN=testcn
Answer 2:
As @christof-r mentioned, your regex matched the legacy DN pattern. Please use this regex to match the current (> v1.11.6) pattern.
    map $ssl_client_s_dn $ssl_client_s_dn_cn {
        default "";
        ~CN=(?<CN>[^,]+) $CN;
    }
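The comma-separated map from the answers, wired into a server block that verifies the client certificate and forwards the CN upstream. This is an added example, not part of the question or either answer. The certificate paths, server name, upstream address, the `X-Client-CN` / `X-Client-Verify` header names and the `(?:^|,)` anchor are assumptions of this example.

```nginx
# Added example. Goes in the http {} context.
# Requires nginx >= 1.11.6, where $ssl_client_s_dn is comma-separated
# (e.g. "CN=testcn,O=Test Organization").

map $ssl_client_s_dn $ssl_client_s_dn_cn {
    default "";
    # Anchor on start-of-string or a preceding comma so that a literal
    # "CN=" inside another attribute's value is not matched.
    # Limits: [^,]+ stops at an escaped comma ("\,") inside the CN, and a
    # CN that is part of a multi-valued RDN ("OU=x+CN=y") is not matched.
    "~(?:^|,)CN=(?<CN>[^,]+)" $CN;
}

server {
    listen 443 ssl;
    server_name example.test;                           # placeholder

    ssl_certificate         /etc/nginx/tls/server.crt;     # placeholder paths
    ssl_certificate_key     /etc/nginx/tls/server.key;
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;  # CA that issues client certs

    # Requests without a client certificate that verifies against the CA
    # above are rejected, so $ssl_client_s_dn is only read from verified certs.
    ssl_verify_client on;

    location / {
        # proxy_set_header replaces any header of the same name sent by the
        # client; an empty value means the header is not passed upstream.
        proxy_set_header X-Client-CN     $ssl_client_s_dn_cn;
        proxy_set_header X-Client-Verify $ssl_client_verify;

        proxy_pass http://127.0.0.1:8080;                  # placeholder upstream
    }
}
```

With `ssl_verify_client optional`, the backend must also check that `X-Client-Verify` is `SUCCESS` before trusting the CN header.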
Source: https://stackoverflow.com/questions/55325548/getting-common-name-from-distinguished-name-of-client-certificate-in-nginx