diff --git a/templates/nginx_server_block.conf.j2 b/templates/nginx_server_block.conf.j2
index 1633cde..7a0df95 100644
--- a/templates/nginx_server_block.conf.j2
+++ b/templates/nginx_server_block.conf.j2
@@ -17,7 +17,11 @@ server{
 {% if cert_optional %}
 ssl_client_certificate ca_cert.pem;
+ {% if cert_non_optional %}
+ ssl_verify_client on;
+ {% else %}
 ssl_verify_client optional;
+ {% endif %}
 ssl_verify_depth 1;
 {% endif %}
diff --git a/vm.py b/vm.py
index 5357528..1c9b4a3 100644
--- a/vm.py
+++ b/vm.py
@@ -144,12 +144,15 @@ class VM:
 header_line = "proxy_set_header X-Nginx-Cert-Auth false;"
 cert_optional = False
+ cert_non_optional = subdomain.get("cert-non-optional") or False
+
 component = template.render(targetip=self.ip, targetport=targetport, servernames=[subdomain["name"]], comment=compositeName, proxy_pass_blob=self.proxy_pass_blob, acme=not self.noTerminateACME, basicauth=subdomain.get("basicauth"), extra_location=subdomain.get("extra-location"), cert_optional=cert_optional,
+ cert_non_optional=cert_non_optional,
 cert_header_line=header_line)
 components.append(component)
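Review bot: In templates/nginx_server_block.conf.j2 the new `ssl_verify_client on;` branch sits inside the existing `{% if cert_optional %}` block, so `cert_non_optional` has no effect unless `cert_optional` is also true. The vm.py hunk shows `cert_optional = False` being assigned just before `cert-non-optional` is read (apparently on the path where certificate auth is not configured), so a subdomain that asks for mandatory client certificates on that path would render with no client verification and no error. I would make that combination fail loudly in vm.py, for example `if cert_non_optional and not cert_optional: raise ValueError("cert-non-optional requires client-cert auth to be enabled")`, or test the flag at the outer level of the template if it is meant to stand on its own. The server block starts and ends outside this hunk.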
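Review bot: In vm.py, `subdomain.get("cert-non-optional") or False` passes any truthy value through to the template, so if the subdomain config ever yields a string such as `"false"` or `"no"` (the loader is not visible here), the block renders `ssl_verify_client on;`. Because this key switches an authentication mode, I would read it with `subdomain.get("cert-non-optional", False)` and reject anything that is not a real boolean, e.g. `if not isinstance(cert_non_optional, bool): raise ValueError("cert-non-optional must be true or false")`. The name is also a double negative next to `cert_optional`; a comment such as `# True -> ssl_verify_client on (client cert required); False -> optional` above the assignment would help, and the key should be documented alongside `basicauth` and `extra-location`. The enclosing method starts and ends outside the hunk.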