- Property Manager name: Client Certificate Authentication
- Behavior version: The
v2024-01-09
rule format supports theclient_certificate_auth
behavior v1.0. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
Sends a Client-To-Edge
header to your origin server with details from the mutual TLS certificate sent from the requesting client to the edge network. This establishes transitive trust between the client and your origin server.
Option | Type | Description | Requires | |
---|---|---|---|---|
enable | boolean | Constructs the | {"displayType":"boolean","tag":"input","type":"checkbox"} | |
enable_complete_client_certificate | boolean | Whether to include the complete client certificate in the header, in its binary (DER) format. DER-formatted certificates leave out the | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enable","op":"eq","value":true}} | |
client_certificate_attributes | string array | Specify client certificate attributes to include in the | {"displayType":"string array","options":["SUBJECT","COMMON_NAME","SHA256_FINGERPRINT","ISSUER"],"tag":"select"} {"if":{"attribute":"enable","op":"eq","value":true}} | |
SUBJECT | The distinguished name of the client certificate's public key, in the | |||
COMMON_NAME | The common name (CN) that's been set in the client certificate, in the | |||
SHA256_FINGERPRINT | An SHA-256 encrypted fingerprint of the client certificate, in the | |||
ISSUER | The distinguished name of the entity that issued the certificate, in the | |||
enable_client_certificate_validation_status | boolean | Whether to include the current validation status of the client certificate in the | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enable","op":"eq","value":true}} |