Access verification based on client certificate

I am trying to configure authorization based on the clients’ certificates. I already read the topic "Can't access site using client cert authentication".

I am considering using the Enterprise plan, but I need to understand how it will work. Will it be possible to forward the client certificate to the origin server (maybe with a Worker?), or will I be able to work with certificate headers only?

I can refer you to:

It’s a little hard to say if it’s still gated by having Enterprise, see:

If you are interested in enforcing mTLS authentication in your application with Access, please contact your Customer Success Manager.

Maybe try opening a support ticket https://support.cloudflare.com/hc/en-us/requests/new, and if you do let us know the outcome.

Thank you, Judge.

Is mutual TLS the only way to work with clients’ certificates? I am highly interested in working with the certificates on the original server. This is why I asked whether it is possible to forward the client certificate to the origin server and validate it there.

In terms of what is technically possible, no: since CF terminates SSL, it cannot pass on the client certificate’s signature. Although I believe that if you get Enterprise with Cloudflare Spectrum, you could tunnel port 443 to your origin and client certs would function perfectly, but at a loss of nearly every other CF feature.

Thank you, Judge