mTLS, can web server know which cert passed the auth?

raf · October 20, 2022, 8:43am

Hello Caddy community

I have a question regarding mTLS, I think mTLS is a great feature, I’m wondering about the articulation with a web server.

I’vre read this page JSON Config Structure - Caddy Documentation

Let’s say I use the trusted_leaf_certs option with a list of 20 certificates. When my web server receives a request, it means that the connection was authenticated with one of the twenty, I need to know the certificate to eventually link it with a user in my DB, where should I get this information (and can I get it at all ?).

Thanks !

francislavoie · October 20, 2022, 10:42pm

Please fill out the help topic template, as per the forum rules. We need your config, version etc to properly answer your questions.

In general though, you’d use request placeholders and pass details about the client certificate via HTTP headers to your backend app.

raf · October 21, 2022, 9:49am

Hello

Thanks for the answers, yes I did not diligently followed the template I apologize for that. The reason is because we have not implemented it yet, we wanted to be sure sure that our web server would be able to identify the authenticatee after Caddy.

Thanks very much we will try to understand how request placeholders work, find the right one and eventually come back with config, caddy version etc. if we have trouble.

Thanks

system · December 19, 2022, 8:43am

This topic was automatically closed after 60 days. New replies are no longer allowed.