TLS Client Certificate
Summary
If specified, Pomerium will present this client certificate to upstream services when requested to enforce mutual authentication (mTLS).
For more details, see our mTLS example repository and the Upstream mTLS With Pomerium guide.
How to configure
- Core
- Enterprise
- Kubernetes
| YAML/JSON setting | Type | Usage |
|---|---|---|
tls_client_cert and tls_client_key | string (base64-encoded) | optional |
tls_client_cert_file and tls_client_key_file | string (base64-encoded) | optional |
Set the TLS Client Certificate under TLS Settings in the Console:
See Kubernetes TLS Certificates for more information
Examples
tls_client_cert: base64-encoded-certificate
tls_client_key: base64-encoded-keywords
# or
tls_client_cert_file: /relative/file/location
tls_client_key_file: /relative/file/location