SSL client certificate authentication

Background

Client certificate authentication is a mechanism to restrict access to HTTP resources to clients that possess a valid public key certificate. The method is frequently employed in enterprise applications.

Configuration

Basic Configuration

To configure SSL client authentication, provide the key and certificate under the tls.client settings and enable the http-ssl-auth plugin in the plugins section of the config:

config:
  target: "https://example.com"
  tls:
    # Skips verification of the server's certificate.
    # Useful for testing, should not be used in production:
    rejectUnauthorized: false
    #
    # Specify client key and certificate:
    #
    client:
      key: "./client-key.pem"
      cert: "./client-crt.pem"
  #
  # Enable the plugin:
  #
  plugins:
    http-ssl-auth: {}

Once configured, all requests will use the provided key and certificate for authentication.

PEM Key Password

You can provide a password for the key with the passphrase option:

config:
  target: "https://example.com"
  tls:
    # Skips verification of the server's certificate.
    # Useful for testing, should not be used in production:
    rejectUnauthorized: false
    #
    # Specify client key and certificate:
    #
    client:
      key: "./client-key.pem"
      cert: "./client-crt.pem"
      passphrase: "mysecretpassword"
  #
  # Enable the plugin:
  #
  plugins:
    http-ssl-auth: {}

Disabling SSL Auth Selectively

To exclude an individual request from SSL client auth, set sslAuth to false on that request:

  - flow:
      - get:
          url: "https://example.com/some/url"
          sslAuth: false # ignore SSL client auth settings