TLS Downstream Client Certificate Authority
Summary
If specified, downstream clients (like a user's browser) will be required to provide a valid client TLS certificate. This overrides the global client_ca option for this route.
See Client-Side mTLS With Pomerium for more information.
How to configure
- Core
- Enterprise
- Kubernetes
| YAML/JSON setting | Type | Usage |
|---|---|---|
tls_downstream_client_ca or tls_downstream_client_ca_file | string | optional |
Set TLS Downstream Client CA in the Console:
See Kubernetes TLS Certificates for more information
Examples
tls_downstream_client_ca: base64-encoded-client-ca
tls_downstream_client_ca_file: /relative/file/location