clientCertificate

  • Property Manager name: Client certificate
  • Criteria version: The v2024-08-13 rule format supports the clientCertificate criteria v1.2.
  • Rule format status: GA, stable
  • Access: Read/Write
  • Allowed in includes: Yes

Matches whether you have configured a client certificate to authenticate requests to edge servers.

OptionTypeDescriptionRequires
is​Certificate​Presentboolean

Executes rule behaviors only if a client certificate authenticates requests.

{"displayType":"boolean","tag":"input","type":"checkbox"}
is​Certificate​Validenum

Matches whether the certificate is VALID or INVALID. You can also IGNORE the certificate's validity.

is​Certificate​Present is true
{"displayType":"enum","options":["VALID","INVALID","IGNORE"],"tag":"select"}
{"if":{"attribute":"isCertificatePresent","op":"eq","value":true}}
VALID

Match when the certificate is valid.

INVALID

Match when the certificate is invalid.

IGNORE

Ignores the certificate's is valid.

enforce​Mtlsboolean

Specifies custom handling of requests if any of the checks in the enforce​Mtls​Settings behavior fail. Enable this and use with behaviors such as log​Custom so that they execute if the check fails. You need to add the enforce​Mtls​Settings behavior to a parent rule, with its own unique match condition and enable​Deny​Request option disabled.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"op":"and","params":[{"op":"or","params":[{"attribute":"isCertificateValid","op":"eq","value":"VALID"},{"attribute":"isCertificateValid","op":"eq","value":"INVALID"}]},{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"mTLS_client_to_edge"}]}}