client_​certificate

Version: v2025-02-18Includes use: Yes

Criterion name: Client certificate

Matches whether you have configured a client certificate to authenticate requests to edge servers.

Default criterion

These samples reflect the criterion's default settings. You can use these as is in your configurations or make adjustments based on the criterion's available options.

data "akamai_property_rules_builder" "client_certificate" {
  rules_v2025_02_18 {
    name     = "Client certificate"
    comments = "Matches whether you have configured a client certificate to authenticate requests to edge servers."
    criterion {
      client_certificate {
        is_certificate_present = true
        is_certificate_valid = "IGNORE"
      }
    }
  }
}
"criterion": [
  {
    "name": "clientCertificate",
    "options": {
      "isCertificatePresent": true,
      "isCertificateValid": "IGNORE"
    }
  }
]

Options

Option Description
is_certificate_present
Executes rule behaviors only if a client certificate authenticates requests.
is_certificate_valid
Matches on the certificate's validity. Value is one of:
  • VALID. Match when the certificate is valid.
  • INVALID. Match when the certificate is invalid.
  • IGNORE. Ignores the certificate's is valid.
enforce_mtls
Specifies custom handling of requests if any of the checks in the enforce_mtls_settings behavior fail. Enable this and use with behaviors such as log_custom so that they execute if the check fails. You need to add the enforce_mtls_settings behavior to a parent rule, with its own unique match condition and enableDenyRequest option disabled.