client-certificate-auth API Reference
client-certificate-auth API Reference / extractor / extractClientCertificate
Function: extractClientCertificate()
extractClientCertificate(
req,options?):ExtractionResult
Defined in: extractor.d.ts:54
Extract client certificate from request.
Works with both header-based extraction (reverse proxy scenarios) and socket-based extraction (direct TLS connections). Returns a structured result object instead of throwing or using callbacks, making it suitable for any framework adapter.
Parameters
req
Request object with headers and optional socket
headers
Record<string, string | string[] | undefined>
HTTP headers object
socket?
{ authorized?: boolean; getPeerCertificate?: (detailed) => PeerCertificate; }
TLS socket with getPeerCertificate() method
socket.authorized?
boolean
Whether socket was authorized
socket.getPeerCertificate?
(detailed) => PeerCertificate
Get peer certificate
options?
Extraction options
Returns
Examples
// AWS ALB header extraction
const result = extractClientCertificate(req, { certificateSource: 'aws-alb' });
if (result.success) {
console.log('Certificate CN:', result.certificate.subject.CN);
} else {
console.error('Extraction failed:', result.reason);
}// Socket extraction with fallback
const result = extractClientCertificate(req, {
certificateSource: 'envoy',
fallbackToSocket: true
});