CMS Verify of any post input Typical setup: AddHandler cgi-script .cgi SetInputFilter cmsverify CMSVerifyCertificate /tmp/ca.cert # ProxyPass https://127.0.0.1/api # Alias ... etc. where this Location is then routed to a ProxyPass or for example rewritten. And call it with: echo "field1=foo&field2=bar" |\ openssl cms -sign -signer cert.pem -outform DER -nodetach -binary |\ curl -vvv --silent --data-binary - https://127.0.0.1/post-cgi/show.cgi Where 'show.cgi' is a script such as: #!/bin/sh echo Content-type: text/plain echo env | sort if [ "X$REQUEST_METHOD" = "XPOST" ]; then /usr/bin/hexdump -C fi exit 0 to confirm that this worked. Besides DER PKCS#7 the JSOn format: { "payload": "... base64 string ..", "signature": "... base64 string .." } is also accepted/detected; with signature a detached signature on the decoded payload string. And the signature again a PKCS#7 DER once decoded.