client_certificate_auth
Version: v2025-01-13 | Includes use: Yes |
---|
Behavior name: Client Certificate Authentication
Sends a Client-To-Edge
header to your origin server with details from the mutual TLS certificate sent from the requesting client to the edge network. This establishes transitive trust between the client and your origin server.
Default behavior
These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.
data "akamai_property_rules_builder" "client_certificate_auth" {
rules_v2025_02_18 {
name = "Client Certificate Authentication"
comments = "Establishes transitive trust between the client and your origin server."
behavior {
client_certificate_auth {
enable = false
}
}
}
}
"behaviors": [
{
"name": "clientCertificateAuth",
"options": {
"enable": false
}
}
]
Options
Option | Description |
---|---|
enable |
Constructs the
Client-To-Edge authentication header using information from the client to edge mTLS handshake and forwards it to your origin. You can configure your origin to acknowledge the header to enable transitive trust. Some form of the client x.509 certificate needs to be included in the header. You can include the full certificate or specific attributes.
|
enable_complete_client_certificate |
Whether to include the complete client certificate in the header, in its binary (DER) format. DER-formatted certificates leave out the
BEGIN CERTIFICATE/END CERTIFICATE statements and most often use the .der extension. Alternatively, you can specify individual client_certificate_attributes you want included in the request.
|
client_certificate_attributes |
Specify client certificate attributes to include in the
Client-To-Edge authentication header that's sent to your origin server. Available attributes:
|
enable_client_certificate_validation_status |
Whether to include the current validation status of the client certificate in the
Client-To-Edge authentication header. This verifies the validation status of the certificate, regardless of the certificate attributes you're including in the header.
|
Updated about 1 hour ago