mTLS Rules - Client Certificates always blocked
Hello everyone,
I'm trying out an mTLS configuration for the first time and have used this tutorial: https://jarrodnix.dev/blog/securing-a-site-with-a-cloudflare-client-certificate-and-mtls
The good news first, the created rule blocks the traffic to my underlying server. Unfortunately, I absolutely cannot get my created client certificate to be accepted.
When I use "curl -v --cert client.pem --key client.key https://your-api-endpoint.com"
to test the certificate, I get the following output:
* Connected to your-api-endpoint.com (xxx) port 443
* schannel: disabled automatic use of client certificate
* schannel: Failed to import cert file client.pem, last error is 0x80092002
* Closing connection
curl: (58) schannel: Failed to import cert file client.pem, last error is 0x80092002
My clients are on Windows 11 and Android 10
Can someone help me get this to fly?
I'm trying out an mTLS configuration for the first time and have used this tutorial: https://jarrodnix.dev/blog/securing-a-site-with-a-cloudflare-client-certificate-and-mtls
The good news first, the created rule blocks the traffic to my underlying server. Unfortunately, I absolutely cannot get my created client certificate to be accepted.
When I use "curl -v --cert client.pem --key client.key https://your-api-endpoint.com"
to test the certificate, I get the following output:
* Connected to your-api-endpoint.com (xxx) port 443
* schannel: disabled automatic use of client certificate
* schannel: Failed to import cert file client.pem, last error is 0x80092002
* Closing connection
curl: (58) schannel: Failed to import cert file client.pem, last error is 0x80092002
My clients are on Windows 11 and Android 10
Can someone help me get this to fly?
Jarrod Nix, Senior Front-End Developer
When a website required limited access, I needed a way to lock it down to specific physical devices. I couldn't rely on IP addresses which might change regularly, and while a strong password requirement might be sufficient I wanted something a little more secure. Not to mention that it shouldn't beโฆ
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Was this page helpful?
