从NGINX中的客户端证书的专有名称中获取通用名称 [英] Getting Common Name from Distinguished Name of client certificate in NGINX
问题描述
我需要在NGINX中获得客户端证书的CN,以将其附加到代理标头中.
I need to get the CN of a client certificate in NGINX to append it to the proxy headers.
我已经为此找到了以下地图代码.
I already found the following map code for this.
map $ssl_client_s_dn $ssl_client_s_dn_cn {
default "";
~/CN=(?<CN>[^/]+) $CN;
}
但是可悲的是,它只为以下$ ssl_client_s_dn返回一个空字符串:CN = testcn,O =测试组织
But sadly it only returns an empty string for the following $ssl_client_s_dn: CN=testcn,O=Test Organization
我也用其他DN测试了它.但是问题总是一样.
I tested it with other DNs, too. But the problem is always the same.
推荐答案
您使用的模式需要旧版DN,因为它假定/
来分隔RDN.因此(自nginx v1.11.6起)可以进行以下工作:
The pattern you use requires the legacy DN, since it assumes the /
to separate the RDNs. So (since nginx v1.11.6) the following works:
map $ssl_client_s_dn_legacy $ssl_client_s_dn_cn {
default "";
~/CN=(?<CN>[^/]+) $CN;
}
使用$ ssl_client_s_dn_legacy:/O =测试组织/CN = testcn
With $ssl_client_s_dn_legacy: /O=Test Organization/CN=testcn
这篇关于从NGINX中的客户端证书的专有名称中获取通用名称的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!