client_certificate_auth


Sends a Client-To-Edge header to your origin server with details from the mutual TLS certificate sent from the requesting client to the edge network. This establishes transitive trust between the client and your origin server.

Option | Type | Description | Requires
enable (boolean)

Constructs the Client-To-Edge authentication header using information from the client-to-edge mTLS handshake and forwards it to your origin. You can configure your origin to acknowledge the header to enable transitive trust. Some form of the client X.509 certificate needs to be included in the header. You can include the full certificate or specific attributes.

{"displayType":"boolean","tag":"input","type":"checkbox"}
enable_complete_client_certificate (boolean)

Whether to include the complete client certificate in the header, in its binary (DER) format. DER-formatted certificates leave out the BEGIN CERTIFICATE/END CERTIFICATE statements and most often use the .der extension. Alternatively, you can specify individual client_certificate_attributes you want included in the request.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enable","op":"eq","value":true}}
client_certificate_attributes (string array)

Specify client certificate attributes to include in the Client-To-Edge authentication header that's sent to your origin server.

{"displayType":"string array","options":["SUBJECT","COMMON_NAME","SHA256_FINGERPRINT","ISSUER"],"tag":"select"}
{"if":{"attribute":"enable","op":"eq","value":true}}
SUBJECT

The subject distinguished name (DN) of the client certificate, that is, the entity the certificate's public key belongs to, in the Client-To-Edge authentication header.

COMMON_NAME

The common name (CN) that's been set in the client certificate, in the Client-To-Edge authentication header.

SHA256_FINGERPRINT

A SHA-256 hash (fingerprint) of the client certificate, in the Client-To-Edge authentication header.

ISSUER

The distinguished name of the entity that issued the certificate, in the Client-To-Edge authentication header.

enable_client_certificate_validation_status (boolean)

Whether to include the current validation status of the client certificate in the Client-To-Edge authentication header. This verifies the validation status of the certificate, regardless of the certificate attributes you're including in the header.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enable","op":"eq","value":true}}
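
As an added example (not code from this reference or its vendor), the Python below shows how an origin could check a received SHA256_FINGERPRINT value against an allowlist, computing each fingerprint over the certificate's DER bytes rather than its PEM text. The page does not specify how the value is encoded in the header, so the hex form with optional colons, the function names and the sample bytes are assumptions.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: PEM armor around placeholder bytes, not a real certificate.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END CERTIFICATE lines and decode the body to DER."""
    match = _PEM_RE.search(pem)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def sha256_fingerprint(der: bytes) -> str:
    """Fingerprint = SHA-256 over the DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB:..' or plain hex (assumed encodings); return lowercase hex."""
    cleaned = re.sub(r"[:\s]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def fingerprint_allowed(received: str, allowlist) -> bool:
    """Compare in constant time against every enrolled fingerprint."""
    try:
        got = normalize(received)
    except ValueError:
        return False  # malformed header value is rejected, never matched
    allowed = False
    for enrolled in allowlist:
        allowed |= hmac.compare_digest(got, normalize(enrolled))
    return allowed
```

The comparison is only meaningful when the origin accepts this header solely from the edge network, since any client that can reach the origin directly could set the same value.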