Reading zero-trust page below,
I tried using the Common Name (CN) rule / policy to Allow access for me if I present a client cert. The web browser doesn’t seem to prompt for it though - with/without the tunnel DNS cname in the coverage of the client SSL cert challenge.
I haven’t been able to make this work, testing with the following command:
cloudflared access ssh-gen --hostname argo.example.com(*)
(*) not real hostname
cloudflared appears to be running okay on the server where it’s set as per the ssh example. Is there a way to get more debug info about the access client auth?