trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <>
Subject Re: ATS client Certificate
Date Tue, 15 Sep 2015 15:24:49 GMT

> On Sep 13, 2015, at 12:02 PM, Vishwas Manral <> wrote:
> Hi ATS-Gurus,
> We are looking at some optional mechanism for ATS to verify the client. Is there a mechanism
in ATS that exists for the same?

You need to set proxy.config.ssl.client.certification_level=1 to have ATS to optionally verify
the client's TLS certificate. This is a global setting.

As Sudheer mentioned, you can then use the sslheaders plugin to propagate information from
the client's TLS certificate to downstream consumers.

> We think client certificates or event OAUTH based mechanisms could help with the same.

OAuth can be implemented as a Traffic Server plugin, though I'm not aware of any open source

View raw message