
How to read TLS certificate sent by a client on the server side?


This is how I did it:

curl -v \
  --key ./admin-key.pem \
  --cert ./admin.pem \
  https://xxxx/api/v1/


A client sends a TLS certificate when mutual TLS is used.

In the mutual TLS handshake, the TLS client certificates are not sent in HTTP headers. They are transmitted by the client as part of the TLS messages exchanged during the handshake, and the server validates the client certificate during the handshake. Broadly, there are two parts to the mTLS handshake: the client validates and accepts the server certificate, and the server validates and accepts the client certificate.

If the client certificate is accepted, most web servers can be configured to add headers for transmitting the certificate or information contained on the certificate to the application. Environment variables are populated with certificate information in Apache and Nginx which can be used in other directives for setting headers.

As an example of this approach, the following Nginx config snippet will validate a client certificate, and then set the SSL_CLIENT_CERT header to pass the entire certificate to the application. This will only be set when the certificate was successfully validated, so the application can then parse the certificate and rely on the information it bears.

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/chainedcert.pem;  # server certificate
    ssl_certificate_key /path/to/key;          # server key
    ssl_client_certificate /path/to/ca.pem;    # client CA
    ssl_verify_client on;                      # reject handshakes without a valid client cert
    # $ssl_client_cert is the PEM with every line after the first prefixed by a tab;
    # $ssl_client_escaped_cert (nginx 1.13.5+) carries the same PEM URL-encoded instead
    proxy_set_header SSL_CLIENT_CERT $ssl_client_cert;
    location / {
        proxy_pass http://localhost:3000;
    }
}
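What the application on port 3000 then has to do with that header is not shown in the answer. The following is an added example (not code from the question or the answer) of the receiving side: it accepts the header in either of the two forms Nginx produces (the tab-folded `$ssl_client_cert` form and the URL-encoded `$ssl_client_escaped_cert` form), rebuilds the PEM, converts it to DER with the standard library, and checks the SHA-256 fingerprint against an allow list. The sample "certificate" bytes and the allow list are constructed for the demo and are not a real certificate; the fingerprint allow list is an assumed application policy, and parsing the subject or extensions would need a library such as `cryptography`, which this example deliberately avoids.

```python
import hashlib
import ssl
import urllib.parse

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed sample: 200 arbitrary bytes standing in for a DER certificate
# (not a real certificate; only the PEM/DER plumbing is exercised here).
SAMPLE_DER = bytes(range(200))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def nginx_legacy_header(pem: str) -> str:
    """Mimic $ssl_client_cert: every line after the first is prefixed with a tab."""
    lines = pem.strip().splitlines()
    return lines[0] + "".join("\n\t" + line for line in lines[1:])


def nginx_escaped_header(pem: str) -> str:
    """Mimic $ssl_client_escaped_cert: the whole PEM is percent-encoded."""
    return urllib.parse.quote(pem, safe="")


# Constructed header values as the proxy would deliver them to the app.
LEGACY_HEADER = nginx_legacy_header(SAMPLE_PEM)
ESCAPED_HEADER = nginx_escaped_header(SAMPLE_PEM)


def pem_from_header(value: str) -> str:
    """Recover a clean PEM string from either Nginx header form.

    Raises ValueError when the header is missing or not a certificate, so the
    caller can fail closed instead of treating junk as an identity.
    """
    value = (value or "").strip()
    if value.startswith(PEM_HEADER):
        # Tab-folded form: drop the tab that follows each line break.
        pem = value.replace("\r\n", "\n").replace("\n\t", "\n")
    else:
        # URL-encoded form: decode, then validate the markers below.
        pem = urllib.parse.unquote(value)
    pem = pem.strip()
    if not pem.startswith(PEM_HEADER) or not pem.endswith(PEM_FOOTER):
        raise ValueError("header does not carry a PEM certificate")
    return pem + "\n"


def der_from_header(value: str) -> bytes:
    """PEM from the proxy header -> DER bytes (base64 body decoded)."""
    return ssl.PEM_cert_to_DER_cert(pem_from_header(value))


def fingerprint_sha256(der: bytes) -> str:
    """Hex SHA-256 of the DER encoding, the usual way to pin a client cert."""
    return hashlib.sha256(der).hexdigest()


def is_authorized(header_value: str, allowed_fingerprints: set) -> bool:
    """Fail closed: any parse problem or unknown fingerprint denies access."""
    try:
        der = der_from_header(header_value)
    except ValueError:
        return False
    return fingerprint_sha256(der) in allowed_fingerprints


if __name__ == "__main__":
    allow = {fingerprint_sha256(SAMPLE_DER)}  # assumed app-side allow list
    print("legacy header accepted:", is_authorized(LEGACY_HEADER, allow))
    print("escaped header accepted:", is_authorized(ESCAPED_HEADER, allow))
    print("garbage header accepted:", is_authorized("not-a-cert", allow))
```

Because `proxy_set_header` overwrites any SSL_CLIENT_CERT header a client might send itself, the header is only trustworthy when the request really came through that Nginx instance; the application should therefore be reachable only from the proxy (for example by binding to localhost, as the `proxy_pass http://localhost:3000` in the answer implies), otherwise a direct request could supply an arbitrary certificate in the header.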