- Property Manager name: mTLS Edge Server to Origin
- Behavior version: The v2024-10-21 rule format supports the mtlsOriginKeystore behavior v1.0.
- Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes

Establish a Mutual TLS (mTLS) connection between the edge server and the origin to authenticate requests. This ensures that the requests to your origin server come directly from the Akamai network.

In the mTLS protocol, the origin asks the edge server to present its identity certificate. For this negotiation to work, either the origin needs to be configured for mTLS sessions, or the edge server needs to be allowed to proceed without the edge certificate, effectively performing a standard (non-mutual) TLS connection to the origin.

Option | Type | Description | Requires |
---|---|---|---|
enable | boolean | Allows a specific Mutual TLS (mTLS) client certificate in a request from the edge server to the origin. | |
clientCertificateVersionGuid | string | Specifies the client certificate to authenticate your origin with the edge server. You need to create client certificates using the Mutual TLS Origin Keystore API or application. | enable is true |
authClientCert | boolean | When enabled, the edge server requires a prompt from the origin for the client certificate's identity. If the edge server gets the request, it proceeds with the mTLS session and connects to the origin. If the edge server doesn’t get the request, the connection to the origin stops and a client error is reported. When disabled, the edge server proceeds without a request for the client certificate, making a standard TLS connection to the origin. Disabled by default. | enable is true |
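
An added example, not Akamai's code: a Python check that walks a property's rule tree and flags mtlsOriginKeystore settings under which the edge server may still reach the origin over standard TLS. The rule-tree JSON layout, the sample tree, the function name `audit_mtls_origin` and the placeholder GUIDs are assumptions made for this illustration.

```python
import json

# Constructed sample rule tree, not a real property. The layout (rules ->
# behaviors/children, each behavior a name plus options) is an assumption
# about the exported JSON; the GUID values are placeholders.
SAMPLE_TREE = json.loads("""
{"rules": {"name": "default",
  "behaviors": [{"name": "mtlsOriginKeystore", "options": {
      "enable": true, "clientCertificateVersionGuid": "PLACEHOLDER-GUID",
      "authClientCert": false}}],
  "children": [
    {"name": "api", "behaviors": [{"name": "mtlsOriginKeystore", "options": {
        "enable": true, "clientCertificateVersionGuid": "PLACEHOLDER-GUID",
        "authClientCert": true}}]},
    {"name": "legacy", "behaviors": [{"name": "mtlsOriginKeystore", "options": {
        "enable": true, "clientCertificateVersionGuid": ""}}]}
  ]}}
""")


def audit_mtls_origin(rule, path=""):
    """Return (rule_path, finding) pairs for weak mtlsOriginKeystore settings."""
    here = f"{path}/{rule.get('name', '?')}"
    findings = []
    for behavior in rule.get("behaviors", []):
        if behavior.get("name") != "mtlsOriginKeystore":
            continue
        opts = behavior.get("options", {})
        if not opts.get("enable"):
            findings.append((here, "behavior present but enable is off"))
            continue
        if not opts.get("clientCertificateVersionGuid"):
            findings.append((here, "no clientCertificateVersionGuid set"))
        # authClientCert is disabled by default, so a missing key counts as off:
        # the edge proceeds with standard TLS if the origin never asks for a cert.
        if not opts.get("authClientCert", False):
            findings.append((here, "authClientCert off: standard TLS fallback allowed"))
    for child in rule.get("children", []):
        findings.extend(audit_mtls_origin(child, here))
    return findings


if __name__ == "__main__":
    for where, what in audit_mtls_origin(SAMPLE_TREE["rules"]):
        print(f"{where}: {what}")
```

On the constructed tree this reports the default rule and the legacy child rule, and leaves the api child rule, where authClientCert is enabled, unflagged.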