Two Way SSL Authentication

I have some sites that cannot currently sit behind CF, as they require two way SSL authentication. All the clients accessing these hostnames have a unique SSL cert signed by my private CA, and my webserver validates that cert before allowing access. (Using ssl_client_certificate and ssl_verify_client).

Having the auth performed in CF would enable these hosts to gain the security and performance benefits all our other hostnames get.

The entire hostname requires auth (mostly because I could never get it to only work in a location below the root :slight_smile: ), and the ssl_client_certificate is not rooted in a well-known CA.
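
The setup described in this post, as an added example (not part of the original thread): an nginx server block that validates client certificates against a private CA, with enforcement limited to one location. The hostname, file paths, `/secure/` prefix, upstream address and `X-Client-DN` header are placeholder assumptions.

```nginx
server {
    listen 443 ssl;
    server_name app.example.com;                       # placeholder hostname

    ssl_certificate        /etc/nginx/tls/server.crt;  # placeholder paths
    ssl_certificate_key    /etc/nginx/tls/server.key;

    # Private CA that signed the client certificates.
    ssl_client_certificate /etc/nginx/tls/private-ca.crt;
    ssl_verify_depth       2;

    # ssl_verify_client is only valid at http/server level, not per location.
    # "on" rejects every request without a valid client cert (whole hostname).
    # "optional" asks for a cert in the handshake and records the result in
    # $ssl_client_verify, so each location can decide whether to enforce it.
    ssl_verify_client optional;

    location / {
        # No client certificate required here.
        root /var/www/public;
    }

    location /secure/ {
        # $ssl_client_verify is SUCCESS, NONE, or FAILED:<reason>.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # Pass the verified subject DN to the backend (hypothetical header name).
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;               # placeholder upstream
    }
}
```

With `ssl_verify_client on;` and no per-location check, the same block enforces the certificate for the entire hostname.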

If I understand what you’re looking for, I believe we just released this for Enterprise customers:

https://support.cloudflare.com/hc/en-us/articles/115000088491-Cloudflare-TLS-Client-Auth

I haven’t actually deployed it yet for/with a customer; let’s assume it’s so easy even a caveman can do it.


To clarify, this is currently Enterprise-only. Customers who wish to use mutual TLS auth can speak to their Solutions Engineer & Customer Success Manager, who will be able to get it configured for them.
