mTLS Rules - Client Certificates always blocked

Hello everyone, I'm trying out an mTLS configuration for the first time and have used this tutorial: https://jarrodnix.dev/blog/securing-a-site-with-a-cloudflare-client-certificate-and-mtls

The good news first: the created rule blocks the traffic to my underlying server. Unfortunately, I absolutely cannot get my created client certificate to be accepted. When I use

curl -v --cert client.pem --key client.key https://your-api-endpoint.com

to test the certificate, I get the following output:

* Connected to your-api-endpoint.com (xxx) port 443
* schannel: disabled automatic use of client certificate
* schannel: Failed to import cert file client.pem, last error is 0x80092002
* Closing connection
curl: (58) schannel: Failed to import cert file client.pem, last error is 0x80092002

My clients are on Windows 11 and Android 10.

Can someone help me get this to fly?
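Added example, not part of the thread: a small POSIX shell helper that reads which TLS backend a curl build was compiled against and picks the matching --cert form. It assumes a Schannel build loads a --cert file path as PKCS#12 (.pfx) rather than PEM, which is why a PEM file is rejected at import, and treats client.pem, client.key, client.pfx and your-api-endpoint.com as placeholders taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: client.pem / client.key /
# client.pfx and the endpoint are placeholders; openssl and curl are only
# needed on PATH when the "--run" branch at the bottom is used.

# Print the TLS backend a curl build uses, parsed from `curl -V` text on stdin.
# The backend is the token following "libcurl/x.y.z" on the first line, e.g.
# "Schannel" on a stock Windows build or "OpenSSL" on most Linux builds. On a
# multi-backend build the parenthesised list is flattened and the first
# (default) backend is reported.
curl_tls_backend() {
  head -n 1 | tr -d '()' |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^libcurl\//) { print $(i + 1); exit } }' |
    cut -d/ -f1
}

# Build the --cert arguments that match the backend. A Schannel build imports
# the --cert file as PKCS#12 (assumption stated in the lead-in), so it gets a
# .pfx with its password; OpenSSL-style builds take the PEM cert plus key.
client_cert_args() {
  backend="$1"; pfx_pass="$2"
  case "$backend" in
    Schannel) printf '%s\n' "--cert client.pfx:${pfx_pass}" ;;
    *)        printf '%s\n' "--cert client.pem --key client.key" ;;
  esac
}

# Bundle the PEM certificate and private key into PKCS#12 for a Schannel build.
pem_to_pfx() {
  openssl pkcs12 -export -in client.pem -inkey client.key \
    -out client.pfx -passout "pass:$1"
}

if [ "${1:-}" = "--run" ]; then
  pass="${PFX_PASS:-changeit}"
  backend=$(curl -V | curl_tls_backend)
  [ "$backend" = "Schannel" ] && pem_to_pfx "$pass"
  # Word-splitting the generated argument list is intended here.
  curl -v $(client_cert_args "$backend" "$pass") https://your-api-endpoint.com
fi
```

Run it as `sh mtls-check.sh --run` (with PFX_PASS set) to convert and test in one go; with no arguments it only defines the functions.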
Moccachino, 6mo ago
I have solved my own issue. Following this tutorial exactly again does the trick. I had one error: you have to set the client cert as described in the tutorial and then just add the host with the root URL, not including any subdomains. I have reduced my rules now to only one. Closing this issue.