> On Sep 13, 2015, at 12:02 PM, Vishwas Manral <[email protected]> wrote:
>
> Hi ATS-Gurus,
>
> We are looking at some optional mechanism for ATS to verify the client. Is
> there a mechanism in ATS that exists for the same?

You need to set proxy.config.ssl.client.certification_level=1 to have ATS optionally verify the client's TLS certificate. This is a global setting.

https://trafficserver.readthedocs.org/en/latest/reference/configuration/records.config.en.html#proxy-config-ssl-client-certification-level

As Sudheer mentioned, you can then use the sslheaders plugin to propagate information from the client's TLS certificate to downstream consumers.

> We think client certificates or even OAUTH based mechanisms could help with
> the same.

OAuth can be implemented as a Traffic Server plugin, though I'm not aware of any open source implementations.

J
