
client-certificate-auth API Reference



Function: default()

default(callback, options?): Middleware

Defined in: clientCertificateAuth.js:106

Enforce SSL client authorization and provide a callback which will be passed the client certificate information for additional validation.

The callback receives the certificate (as obtained through req.socket.getPeerCertificate() or extracted from headers) and must return true (or a thenable resolving to true) for the request to proceed.

Parameters

callback

(cert, req) => boolean | PromiseLike<boolean>

Validation function that receives the client certificate and the request object. Returns true/false (sync) or a PromiseLike<boolean> (async, including native Promises and any thenable resolving to a boolean) to allow/deny access.

options?

ClientCertificateAuthOptions = {}

Returns

Middleware

Examples

```ts
// Synchronous validation (socket-based)
app.use(clientCertificateAuth((cert) => cert.subject.CN === 'admin'));
```

```ts
// AWS ALB mTLS passthrough
app.use(clientCertificateAuth((cert) => cert.subject.CN === 'admin', {
  certificateSource: 'aws-alb'
}));
```

```ts
// Custom header configuration
app.use(clientCertificateAuth((cert) => cert.subject.CN === 'admin', {
  certificateHeader: 'X-SSL-Client-Cert',
  headerEncoding: 'url-pem'
}));
```
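
The examples above match on CN only, which identifies a name rather than one specific certificate. The following added example (not code from the client-certificate-auth project) shows a stricter callback in the documented `(cert, req) => boolean | PromiseLike<boolean>` form that checks issuer CN, validity window and a pinned SHA-256 fingerprint, and returns a promise. The allow-list values, `TRUSTED_ISSUER_CN`, `isRevoked` and `req.clientRole` are hypothetical, and the cert object is assumed to use the field names returned by Node's `getPeerCertificate()`.

```javascript
// Added example, not from the client-certificate-auth project.
// Assumes cert has the shape of Node's getPeerCertificate() result:
// subject, issuer, valid_from, valid_to, fingerprint256.

// Constructed allow-list: placeholder SHA-256 fingerprints mapped to a role.
const ALLOWED = new Map([
  ['AA'.repeat(32), 'admin'],
  ['BB'.repeat(32), 'deploy-bot'],
]);
const TRUSTED_ISSUER_CN = 'Example Internal CA'; // hypothetical CA name

// Normalise "AA:BB:..." to "AABB..." so formatting differences cannot cause a miss.
function normaliseFingerprint(fp) {
  return typeof fp === 'string' ? fp.replace(/:/g, '').toUpperCase() : '';
}

// Pure check: returns the role for an accepted certificate, or null.
function roleForCert(cert, now = Date.now()) {
  if (!cert || !cert.subject || !cert.issuer) return null;
  if (cert.issuer.CN !== TRUSTED_ISSUER_CN) return null;
  const notBefore = Date.parse(cert.valid_from);
  const notAfter = Date.parse(cert.valid_to);
  if (Number.isNaN(notBefore) || Number.isNaN(notAfter)) return null; // fail closed
  if (now < notBefore || now > notAfter) return null;
  const role = ALLOWED.get(normaliseFingerprint(cert.fingerprint256));
  // The pinned certificate must also carry the CN expected for that role.
  return role !== undefined && cert.subject.CN === role ? role : null;
}

// Callback factory. The callback is async so that a revocation lookup
// (hypothetical isRevoked) can be awaited before access is granted.
function makeCallback(isRevoked = async () => false) {
  return async (cert, req) => {
    const role = roleForCert(cert);
    if (role === null) return false;
    if (await isRevoked(normaliseFingerprint(cert.fingerprint256))) return false;
    if (req) req.clientRole = role; // hypothetical property for later handlers
    return true;
  };
}

// Usage with the middleware documented above:
// app.use(clientCertificateAuth(makeCallback()));
```

With a header-based source (`certificateSource: 'aws-alb'` or `certificateHeader`), the callback sees only what the header carries, so the application should be reachable only through the proxy that sets that header.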

Released under the MIT License.