2

For a website I'm using a nginx configuration that requires a client ssl certificate. I want my Symfony/php project to be able to verify that a client ssl certificate is being used (and provide some extra information from the certificate as well). So I was thinking of doing this by adding it to the request http header.

In my nginx site configuration I have set:

ssl_client_certificate /home/user/ssl/ca.crt;
ssl_verify_client on;

This works, the client certificate is obligatory.

But I want my underlaying Symfony/php project to be able to verify that a client certificate is being used. I was thinking of adding it to the http request header, but I seem only to be able to add it to the http response header (back to the browser) like this (in the same nginx site config):

location / {
        try_files $uri /app.php$is_args$args;
        add_header X-ssl-client-verify $ssl_client_verify;
    }

In firefox I can see this response header indeed, but that is not what I want (and can be a security hazzard). I've also looked into this:

proxy_set_header X-ssl-client-verify $ssl_client_verify;

But this does not work because I'm not using a proxy.

Is there some other way to add an element to the request header? Or is there an alternative way to get client ssl certificate information into my Symfony / php project?

L.A. Rabida
  • 416
  • 3
  • 15
  • it's not symfony's job to add ssl headers, imho... wrong level of abstraction. but it surely could be done with an event listener that listens for the response and adds those headers. – Jakumi Apr 30 '20 at 16:14
  • It is symfony's job to read the headers that nginx provides. That is what I mean. There are no client sll certificate headers in the http request so there is no way for symfony to know if there is a client ssl certificate being used. – L.A. Rabida May 01 '20 at 13:23

0 Answers0