diff --git a/nginx/config/default.go b/nginx/config/default.go
index 63d4f73e..bef6a0df 100644
--- a/nginx/config/default.go
+++ b/nginx/config/default.go
@@ -29,21 +29,15 @@ var _nameToDefaultTemplate = map[string]string{
 // DefaultClientVerification is the default nginx configuration for
 // client verification in the server block.
 const DefaultClientVerification = `
-ssl_verify_client on;
+ssl_verify_client optional;
 set $required_verified_client 1;
-
-# If the remote IP is 127.0.0.1, set ssl_verify_client to optional and allow no verification
 if ($remote_addr = "127.0.0.1") {
- ssl_verify_client optional;
 set $required_verified_client 0;
 }
-# Check client verification status
-set $verified_client $ssl_client_verify;
-if ($required_verified_client = 1) {
- if ($verified_client !~ ^SUCCESS$) {
- return 403;
- }
+set $verfied_client $required_verified_client$ssl_client_verify;
+if ($verfied_client !~ ^(0.*|1SUCCESS)$) {
+ return 403;
 }
 `
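Review bot: With `ssl_verify_client optional;` now applied to every connection, the handshake no longer rejects a client that sends no certificate, so the single `if ($verfied_client !~ ^(0.*|1SUCCESS)$)` test is the only place client authentication is enforced, yet the commit deletes both comments that explained the logic. I would put one back above the new `set`, for example `# value is "<required><verify status>": 0... = loopback exempt, 1SUCCESS = verified client cert, anything else gets 403`. The variable is also misspelled: `$verfied_client` is consistent within this hunk, but any other template still reading the old `$verified_client` (none visible here) would see an empty value, so keeping the original spelling is safer. The exemption additionally assumes `$remote_addr` is the real peer address; if a realip-style rewrite of that variable is enabled for this server block, that assumption should be stated in the comment as well.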