Authenticated Origin Pulls produce a 400

So currently I have a domain set up called smjsproductions.com, but for some reason when I verify the client with authenticated origin pulls turned on, it returns a 400 no matter what I try. The SSL seems to work just fine when it's turned off, but for security purposes I prefer to have it on. I have already provided the latest origin CA RSA root pem provided in the docs to ssl_client_certificate. My config for context:
2 Replies
SMJS (OP), 2mo ago
my SSL mode is Full (strict) btw
nvm fixed, was apparently looking at the wrong docs
for the sake of documentation I ended up fixing it following this: https://developers.cloudflare.com/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level/#1-upload-certificate-to-origin
Chaika, 2mo ago
Looks like you figured it out. You can use a custom logging format in nginx along with the optional ssl_verify_client setting to check first if the cert is being sent before turning it to on and breaking traffic, like so
log_format combined_sslclient '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$ssl_client_s_dn($ssl_client_serial)" $ssl_client_fingerprint ';

access_log /var/log/nginx/access.log combined_sslclient;
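
An added example, not part of Chaika's reply: a small Python audit of an access log written with the `combined_sslclient` format above while `ssl_verify_client optional;` is in effect, showing which source addresses sent a client certificate and which did not. The sample log lines are constructed, and the `-` placeholder for a missing certificate and the reading of a 400 are assumptions noted in the comments.

```python
import re
from collections import Counter

# Mirrors the combined_sslclient log_format from the reply above.
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'"(?P<dn>[^"]*)\((?P<serial>[^()"]*)\)" (?P<fp>\S+)\s*$'
)

# Constructed sample lines: addresses, DNs, serials and fingerprints are made up.
# Assumption: nginx writes "-" for an empty variable, so a request that sent
# no client certificate logs "-(-)" followed by "-".
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0" "CN=constructed-client.example(0A1B2C)" aabbccddeeff00112233445566778899aabbccdd
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-(-)" -
203.0.113.10 - - [01/Jan/2025:10:00:09 +0000] "GET /api HTTP/1.1" 400 255 "-" "curl/8.0" "CN=other-ca-client.example(FF01)" 00112233445566778899aabbccddeeff00112233
this line does not match the format
"""


def audit(lines):
    """Tally requests by source address, split on whether a client cert was sent."""
    report = {"with_cert": Counter(), "no_cert": Counter(),
              "cert_but_400": [], "unparsed": 0}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            report["unparsed"] += 1  # format drifted or line truncated
            continue
        if m["dn"] in ("", "-") and m["fp"] == "-":
            # These sources would start failing under ssl_verify_client on.
            report["no_cert"][m["addr"]] += 1
            continue
        report["with_cert"][m["addr"]] += 1
        if m["status"] == "400":
            # Assumption: a 400 despite a presented cert usually means it did
            # not verify against the CA in ssl_client_certificate.
            report["cert_but_400"].append((m["addr"], m["dn"], m["serial"]))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines())
    for key, value in result.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Addresses under `no_cert` are the ones to examine before switching `ssl_verify_client` to `on`; entries under `cert_but_400` point at a CA mismatch rather than a missing certificate.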