mTLS, can web server know which cert passed the auth?

Hello Caddy community

I have a question regarding mTLS, I think mTLS is a great feature, I’m wondering about the articulation with a web server.

I’vre read this page JSON Config Structure - Caddy Documentation

Let’s say I use the trusted_leaf_certs option with a list of 20 certificates. When my web server receives a request, it means that the connection was authenticated with one of the twenty, I need to know the certificate to eventually link it with a user in my DB, where should I get this information (and can I get it at all ?).

Thanks !

Please fill out the help topic template, as per the forum rules. We need your config, version etc to properly answer your questions.

In general though, you’d use request placeholders and pass details about the client certificate via HTTP headers to your backend app.

1 Like


Thanks for the answers, yes I did not diligently followed the template I apologize for that. The reason is because we have not implemented it yet, we wanted to be sure sure that our web server would be able to identify the authenticatee after Caddy.

Thanks very much we will try to understand how request placeholders work, find the right one and eventually come back with config, caddy version etc. if we have trouble.


1 Like