Nginx Client certificate

darryl4 · May 13, 2020, 10:05am

We have a client certificate on the backend server, and when browsing our domain our cert is triggered on the local PC, this is used to verify the users’ identity.

This works fine when using DNS only option in Cloudlare DNS, but when ‘Proxied’ the certificate is no longer requested. Is there an option or setting in Cloudflare that can use the ssl_client_certificate when Proxied? The only thing I see is the Authenticated Origin Pulls that uses a specific Cloudfalre client cert.

We have NGINX on the backend server and the following excerpts from the NGINX conf there;

ssl_client_certificate /path/to/client_cert.pem;
.
location ~ .php$ {
.
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
.
}

sandro · May 13, 2020, 10:42am

Client authentication is only possible in the context of an Enterprise plan

If that is not an option you can only go for an unproxied record.

darryl4 · May 13, 2020, 10:59am

Ok thanks for your reply, appreciated.

system · June 12, 2020, 10:05am

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
Cliente Passing Certificate SSL Security JanJam	3	2299	February 27, 2021
Question about client certificates Security	11	69	January 8, 2025
[TKT] mTLS Security	2	19	February 15, 2025
MTLS with uploaded certificate? Security	4	2106	December 19, 2021
Can't access site using client cert authentication Security dash-ssl-tls , dash-getting-started	2	4231	July 12, 2019

Nginx Client certificate

Related topics