TLS Downstream Client Certificate Authority
- Config File Key:
tls_downstream_client_ca
ortls_downstream_client_ca_file
- Type: base64 encoded
string
or relative file location - Optional
If specified, downstream clients (eg a user's browser) will be required to provide a valid client TLS certificate. This overrides the global client_ca
option for this route.
See Client-Side mTLS With Pomerium for more information.