Client Certificate authentication


#1

Hello, I would like to know how to configure Tyk (or a web front end, such as nginx which I am already using for SSL offloading) in order to provide access to a specific API via Client certificates.
The use case is the following:

1. User has a client certificate installed on the client app.
2. Client sends an HTTPS request to a Tyk-exposed API, for example: “/api/cert-auth/login”
3. Tyk (or nginx) verifies the certificate
4. Tyk invokes the backend API, passing the cert as an HTTP header (or “NONE” if the cert is invalid)
5. API reads the certificate parameters, issues a JWT token and returns it to the calling client.

Best regards
Roberto


#2

Hi Roberto,

Client Certificates aren’t currently supported, but they are on the roadmap.

Sorry I can’t be of more help :-/

M.


#3

Thanks Martin, do you think I can still implement a solution based on nginx verifying the client cert and using Tyk just as a pass-through to the API?

Roberto


#4

Definitely, if you get nginx to validate the cert, you could then use an injected header to pass through to Tyk.
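An added example of the nginx-in-front approach described in this thread (it is not configuration from Tyk or from either poster): nginx terminates TLS, verifies the client certificate against a CA bundle, and forwards the verification result and the certificate to Tyk in injected headers, which the backend API can then use to issue its JWT. Hostname, file paths, port and header names are assumptions.

```nginx
# Added example, not from the original thread. Paths, hostname, port and
# header names are assumed; adjust to your deployment.
server {
    listen 443 ssl;
    server_name api.example.com;                     # assumed hostname

    ssl_certificate     /etc/nginx/tls/server.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/server.key;   # assumed path

    # CA(s) that issued the client certificates you are willing to accept.
    ssl_client_certificate /etc/nginx/tls/client-ca.pem;   # assumed path
    # "optional" lets the request through so the backend sees "NONE" or
    # "FAILED:<reason>" in the verify header, matching step 4 of the use case.
    # Use "on" instead to have nginx reject unverified clients itself.
    ssl_verify_client optional;
    ssl_verify_depth 2;

    location /api/cert-auth/ {
        # These headers are set on every request, so anything a client sends
        # under the same names is overwritten and the backend only ever sees
        # what nginx determined during the TLS handshake.
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;        # SUCCESS, NONE or FAILED:<reason>
        proxy_set_header X-SSL-Client-DN     $ssl_client_s_dn;          # subject DN of the presented cert
        proxy_set_header X-SSL-Client-Cert   $ssl_client_escaped_cert;  # URL-encoded PEM (nginx 1.13.5+)
        proxy_pass http://127.0.0.1:8080;                               # assumed Tyk listener
    }
}
```

Two things the backend relies on here: it must treat `X-SSL-Client-Verify` as authoritative only when the request arrived through nginx, so Tyk and the API should be reachable solely from nginx (loopback or a firewalled network), otherwise a caller who bypasses the proxy can set the header to `SUCCESS` themselves; and it should check that header value before reading the subject or certificate, since with `ssl_verify_client optional` nginx forwards requests whose certificate failed verification or was never presented.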