client_certificate

Version: `v2026-02-16`	Includes use: Yes

Criterion name: Client certificate

Matches whether you have configured a client certificate to authenticate requests to edge servers.

Default criterion

These samples reflect the criterion's default settings. You can use these as is in your configurations or make adjustments based on the criterion's available options.

data "akamai_property_rules_builder" "client_certificate" {
  rules_v2026_02_16 {
    name     = "Client certificate"
    comments = "Matches whether you have configured a client certificate to authenticate requests to edge servers."
    criterion {
      client_certificate {
        enforce_mtls = "FAIL"
      }
    }
  }
}

"criterion": [
  {
    "name": "clientCertificate",
    "options": {
      "enforceMtls": "FAIL"
    }
  }
]

Options

Option	Description
`enforce_mtls`	Enum Specifies custom handling of requests that fail `enforce_mtls_settings`. This option requires the `enforce_mtls_settings` behavior in a parent rule with match conditions set and the `enableDenyRequest` option disabled. Possible values are: `FAIL` `PASS` `IGNORE`
`certificate_state`	Enum \| Requires: `enforce_mtls_settings` is `IGNORE` When using a client certificate for authentication to edge servers, this option sets the state on which to apply related behaviors. Possible values are: `MISSING` `PRESENT_ VALID` `PRESENT_INVALID` `PRESENT`