This would have been impossible without HOWTO: Client side certificate auth with Nginx
I had a hard time setting up client certificate authentication with Rails and nginx. I followed HOWTO: Client side certificate auth with Nginx to set up the client certificate using nginx.
Once the client certificate was in place, the following is the setup for nginx. Please replace the paths as per your configuration.
nginx configuration
Now we are setting up the headers based on the information in the client certificate. Since ssl_verify_client is set to on, nginx will reject all connections with a wrong client certificate.
To get the header information in Rails, we can use request.headers.env["HTTP_X_SSL_CLIENT_S_DN"] to read the value that is passed as a header. For more info, refer to the nginx embedded variables. Note that Rails will convert "X-SSL-Client-S-DN" to "HTTP_X_SSL_CLIENT_S_DN".
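The following is an added example, not code from the original post: it shows the header-name conversion noted above and parses the forwarded subject DN so the application can compare the certificate's CN exactly. The helper names and the ALLOWED_CNS list are hypothetical, and it assumes nginx itself sets X-SSL-Client-S-DN from $ssl_client_s_dn.

```ruby
require "openssl"

# Rack exposes a request header as an env key: upcased, "-" replaced by "_",
# and prefixed with "HTTP_". This is the conversion Rails applies.
def rack_env_key(header_name)
  "HTTP_" + header_name.upcase.tr("-", "_")
end

# Parse the forwarded subject DN into a hash such as { "CN" => "alice" }.
# nginx 1.11.6+ emits $ssl_client_s_dn in RFC 2253 form ("CN=alice,O=Example");
# older versions and $ssl_client_s_dn_legacy use "/O=Example/CN=alice".
# Returns nil for a missing or malformed value. If an attribute type repeats,
# the last occurrence wins.
def parse_subject_dn(dn)
  return nil if dn.nil? || dn.strip.empty?
  name = if dn.start_with?("/")
           OpenSSL::X509::Name.parse_openssl(dn)
         else
           OpenSSL::X509::Name.parse_rfc2253(dn)
         end
  name.to_a.each_with_object({}) { |(type, value, _), h| h[type] = value }
rescue OpenSSL::X509::NameError, TypeError, ArgumentError
  nil
end

# Constructed allowlist of certificate common names (assumption for this example).
ALLOWED_CNS = %w[alice deploy-bot].freeze

# Extract the CN from a Rack env hash (request.headers.env in a Rails controller).
def client_cn(env, header = "X-SSL-Client-S-DN")
  subject = parse_subject_dn(env[rack_env_key(header)])
  subject && subject["CN"]
end

# Compare the parsed CN exactly. A substring match on the raw DN string would
# also match text that appears in other attributes such as O or OU.
def authorized?(env)
  ALLOWED_CNS.include?(client_cn(env))
end
```

In a controller this could be called from a before_action as authorized?(request.headers.env), responding with 403 when it returns false.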