我需要在NGINX中获得客户端证书的CN,以将其附加到代理标头中.
I need to get the CN of a client certificate in NGINX to append it to the proxy headers.
我已经为此找到了以下地图代码.
I already found the following map code for this.
map $ssl_client_s_dn $ssl_client_s_dn_cn { default ""; ~/CN=(?<CN>[^/]+) $CN; }但是可悲的是,它只为以下$ ssl_client_s_dn返回一个空字符串:CN = testcn,O =测试组织
But sadly it only returns an empty string for the following $ssl_client_s_dn: CN=testcn,O=Test Organization
我也用其他DN测试了它.但是问题总是一样.
I tested it with other DNs, too. But the problem is always the same.
推荐答案您使用的模式需要旧版DN,因为它假定/来分隔RDN.因此(自nginx v1.11.6起)可以进行以下工作:
The pattern you use requires the legacy DN, since it assumes the / to separate the RDNs. So (since nginx v1.11.6) the following works:
map $ssl_client_s_dn_legacy $ssl_client_s_dn_cn { default ""; ~/CN=(?<CN>[^/]+) $CN; }使用$ ssl_client_s_dn_legacy:/O =测试组织/CN = testcn
With $ssl_client_s_dn_legacy: /O=Test Organization/CN=testcn
更多推荐
从NGINX中的客户端证书的专有名称中获取通用名称
发布评论