trafficserver-users mailing list archives

From James Peach <jpe...@apache.org>
Subject Re: ATS client Certificate
Date Tue, 15 Sep 2015 15:24:49 GMT

> On Sep 13, 2015, at 12:02 PM, Vishwas Manral <vishwas.ietf@gmail.com> wrote:
> 
> Hi ATS-Gurus,
> 
> We are looking at some optional mechanism for ATS to verify the client. Is there a mechanism in ATS that exists for the same?

You need to set proxy.config.ssl.client.certification_level=1 to have ATS optionally verify
the client's TLS certificate. This is a global setting.

https://trafficserver.readthedocs.org/en/latest/reference/configuration/records.config.en.html#proxy-config-ssl-client-certification-level

As Sudheer mentioned, you can then use the sslheaders plugin to propagate information from
the client's TLS certificate to downstream consumers.

> We think client certificates or even OAUTH based mechanisms could help with the same.

OAuth can be implemented as a Traffic Server plugin, though I'm not aware of any open source
implementations.

J
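
The two settings discussed in this message, written out as configuration. This is an added example, not part of the original message or the project's own files; the CA path, CA filename and header names are assumptions chosen for illustration.

```conf
# --- records.config (constructed example; paths are placeholders) ---
# 0 = client certificates are not requested
# 1 = optional: a certificate is validated if the client presents one
# 2 = required
CONFIG proxy.config.ssl.client.certification_level INT 1

# CA bundle that presented client certificates are validated against.
# Directory and filename below are placeholders for your own CA file.
CONFIG proxy.config.ssl.CA.cert.path STRING /etc/trafficserver/ssl
CONFIG proxy.config.ssl.CA.cert.filename STRING client-ca.pem

# --- plugin.config (constructed example; header names are arbitrary) ---
# sslheaders copies fields of the client certificate into request headers
# so that downstream consumers can read them.
sslheaders.so SSL-Client-ID=client.subject SSL-Client-NotBefore=client.notbefore SSL-Client-NotAfter=client.notafter
```

At level 1 a request with no client certificate is still accepted, so a downstream consumer has to treat a missing SSL-Client-ID header as an unauthenticated client. It is also worth confirming in your deployment that a header of the same name supplied by the client itself never reaches the origin.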