Hi Mike,
I have tried to accomplish this using the steps described in //tyk.io/docs/basic-config-and-security/security/mutual-tls/ where I have whitelisted my root CA certificate. I then make a request using the client certificate (signed by my root CA) and specifying the full chaing (openssl s_client -connect *** -cert client.crt -key client.key -build_chain -CAfile chain.pem), however, I get the following:
“{
“error”: “Certificate with SHA256 d2e998330eee71f1a95500e8db329caf9db379dc14c703d54bd77b047e802824 not allowed”
}”
Using the root certificate/key on the client-side or whitelisting the client certificate does work as expected. Am I missing some configuration somewhere?
Best regards,
Niels