My application is running Apache HTTP Server 2.4 and PHP 7.4.x uses client certificate authentication mechanism.
server config looks like
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile cert/2022/test_aws.pem
SSLCertificateKeyFile cert/2022/private-key.key
SSLCACertificateFile "D:/Apache24/cert/mycard_ca_bundle.crt"
SSLCADNRequestFile "D:/Apache24/cert/mycard_ca_bundle_client_cas.crt"
SSLVerifyClient none
SSLVerifyDepth 10
<LocationMatch ^/login/register*>
SSLVerifyClient require
</LocationMatch>
in the code register.php
<?php
...
$clientDN = getenv("SSL_CLIENT_S_DN");
error_log("clientDN=".$clientDN);
$emailpair = explode(",", $clientDN)[0];
$email = explode("=", $emailpair)[1];
error_log("user_email=".$email);
//further operation for in app authentication
?>
When I had a simple Client<----> Server architecture everything worked as a charm. By accessing register.php User was asked to enter his pin and a certificate was obtained from the smart card. After an introduction of Load Balancer (Client <---> Load Balancer <---> Server) every request to register.php always fall into Error 502 Bad Gateway Generally there are 2 questions.
After figuring out that mutual authentication is not supported on current type of load balancer (Application Load Balancer was chosen) problem was solved by recreating another type of Load balancer.