Getting Common Name from Distinguished Name of client certificate in NGINX
The pattern you use requires the legacy DN, since it assumes the /
to separate the RDNs. So (since nginx v1.11.6) the following works:
map $ssl_client_s_dn_legacy $ssl_client_s_dn_cn { default ""; ~/CN=(?<CN>[^/]+) $CN;}
With $ssl_client_s_dn_legacy: /O=Test Organization/CN=testcn
As @christof-r mentioned, your regex matched with the legacy DN pattern. Please use this regex to match with the current ( > v1.11.6) pattern.
map $ssl_client_s_dn $ssl_client_s_dn_cn { default ""; ~CN=(?<CN>[^,]+) $CN;}