ssl_require_client_cert

If this parameter is set to enable, the server only accepts SSL connections from clients that have digital certificates. Connections from clients without certificates are denied.

ssl_require_client_cert = enable | disable

If this parameter is set to disable, then connections are accepted from clients that do not have a digital certificate.

Whether this parameter is set to enable or disable, clients that do have digital certificates are always authenticated against the certificates supplied to the ssl_server_trusted parameter.

The default value is disable.