[TKT] mTLS

it.infrastructure · January 31, 2025, 12:23pm

What is the name of the domain?

What is the issue you’re encountering

mTLS on backend servers

What steps have you taken to resolve the issue?

We are trying to set mTLS on a nginx server behind Cloudflare, it works on local networks but not if the request goes through Cloudflare, it’s like if client certificates don’t reach nginx (maybe beause of tls termination?)…

Is this scenario possible? did a few tests with managed transform and custom rules to set client certificates header on response to origin but no luck…

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

sjr · January 31, 2025, 8:22pm

Correct, if proxied, Cloudflare is terminating the TLS connection at the edge, so your clients are trying to use the certificate there. A separate connection is made from Cloudflare to your origin.

If you have an Enterprise plan…

Otherwise you will need to use Cloudflare certificates…

system · February 15, 2025, 8:23pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Question about client certificates Security	11	69	January 8, 2025
Nginx Client certificate Security	3	3949	June 12, 2020
MTLS with uploaded certificate? Security	4	2106	December 19, 2021
About mutual SSL/TLS with Cloudflare Security	1	2388	December 26, 2020
Authenticated origin pulls mTLS with own client certificates General	4	49	October 15, 2024