if ($ssl_client_verify != "SUCCESS") {
    return 401;
}
if ($ssl_client_verify = "SUCCESS") {
    set $team "_AUTH_ID_$ssl_client_serial";
}