mTLS Rules - Client Certificates always blocked
Hello everyone,
I'm trying out an mTLS configuration for the first time and have used this tutorial: https://jarrodnix.dev/blog/securing-a-site-with-a-cloudflare-client-certificate-and-mtls
The good news first, the created rule blocks the traffic to my underlying server. Unfortunately, I absolutely cannot get my created client certificate to be accepted.
When I use "curl -v --cert client.pem --key client.key https://your-api-endpoint.com"
to test the certificate, I get the following output:
- Connected to your-api-endpoint.com (xxx) port 443
- schannel: disabled automatic use of client certificate
- schannel: Failed to import cert file client.pem, last error is 0x80092002
- Closing connection
curl: (58) schannel: Failed to import cert file client.pem, last error is 0x80092002
Can someone help me get this to fly?
