Hey. According to mod_ssl documentation: " A variable name without a _n suffix is equivalent to that name with a _0 suffix; the first (or only) attribute." However, I just tried using: AuthBasicFake "%{SSL_CLIENT_SAN_Email}" and that gives: [Mon Feb 20 04:49:13.142014 2023] [auth_basic:info] [pid 1223951:tid 140675291371264] [client 91.7.31.63:57882] AH02458: AuthBasicFake: empty username expression for URI '/grafana/login', ignoring errors. Using the very same cert, but with an appended "_0" to the variable makes it work. Cheers, Chris.