- Property Manager name: Client certificate
- Criteria version: The
v2026-02-16rule format supports theclientCertificatecriteria v1.3. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
Matches whether you have configured a client certificate to authenticate requests to edge servers.
| Option | Type | Description | Requires | |
|---|---|---|---|---|
enforceMtls | enum | Specifies custom request handling depending on the result of checks in the | {"displayType":"enum","options":["FAIL","PASS","IGNORE"],"tag":"select"}{"if":{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"}} | |
FAIL | Perform the processing when a valid client certificate is not present. | |||
PASS | Perform the processing when a valid client certificate is present. | |||
IGNORE | Ignore the checks performed in the | |||
certificateState | enum | Specifies the status of the certificate. | enforceMtls is IGNORE | {"displayType":"enum","options":["MISSING","PRESENT_VALID","PRESENT_INVALID","PRESENT"],"tag":"select"}{"if":{"op":"or","params":[{"attribute":"enforceMtls","op":"eq","value":"IGNORE"},{"expression":{"op":"or","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"},{"attribute":"property.modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"}]},"op":"not"}]}} |
MISSING | Perform the processing when a client certificate is not present. | |||
PRESENT_VALID | Perform the processing when a valid client certificate is present. | |||
PRESENT_INVALID | Perform the processing when an invalid client certificate is present. | |||
PRESENT | Perform the processing when a client certificate is present, whether or not it is valid. |