client_certificate

Version: `v2025-02-18`	Includes use: Yes

Criterion name: Client certificate

Matches whether you have configured a client certificate to authenticate requests to edge servers.

Default criterion

These samples reflect the criterion's default settings. You can use these as is in your configurations or make adjustments based on the criterion's available options.

data "akamai_property_rules_builder" "client_certificate" {
  rules_v2025_02_18 {
    name     = "Client certificate"
    comments = "Matches whether you have configured a client certificate to authenticate requests to edge servers."
    criterion {
      client_certificate {
        is_certificate_present = true
        is_certificate_valid = "IGNORE"
      }
    }
  }
}

"criterion": [
  {
    "name": "clientCertificate",
    "options": {
      "isCertificatePresent": true,
      "isCertificateValid": "IGNORE"
    }
  }
]

Options

Option	Description
`is_certificate_present`	Boolean Executes rule behaviors only if a client certificate authenticates requests.
`is_certificate_valid`	Enum \| Requires: `is_certificate_present` is `true` Matches on the certificate's validity. Value is one of: `VALID`. Match when the certificate is valid. `INVALID`. Match when the certificate is invalid. `IGNORE`. Ignores the certificate's is valid.
`enforce_mtls`	Boolean Specifies custom handling of requests if any of the checks in the `enforce_mtls_settings` behavior fail. Enable this and use with behaviors such as `log_custom` so that they execute if the check fails. You need to add the `enforce_mtls_settings` behavior to a parent rule, with its own unique match condition and `enableDenyRequest` option disabled.