Client Certificate authentication

previ · June 23, 2016, 10:00pm

Hello, I would like to know how to configure Tyk (or a web front end, such as nginx which I am already using for SSL offloading) in order to provide access to a specific API via Client certificates.
The use case is the following:

1.User has a Client certificate installed on Client App.
2.Client send HTTPS request to a Tyk-exposed api, for example: “/api/cert-auth/login”
3.Tyk (or nginx) verifies the certificate
4.Tyk invokes the back end API, passing the cert as HTTP header (or “NONE” if the cert is invalid)
5.API reads the certificate parameters, issues a JWT token and return it to the calling Client.

Best regards
Roberto

Martin · June 24, 2016, 11:18am

Hi Roberto,

Client Certificates aren’t currently supported, bu they are on the roadmap.

Sorry I can’t be of more help :-/

M.

previ · June 24, 2016, 11:33am

Thanks Martin, do you think I can still implement a solution based on nginx verifying the client cert and using Tyk just as a pass-through to the API?

Roberto

Martin · June 24, 2016, 12:15pm

Definitely, if you get NginX to validate the cert, you could then use an injected header to pass through to tyk.