Client Certificate Verification
Go to the Application
SSL page and click the edit button.
Optional to enable the client certificate verification.
- Yes: Force client certificate verification, if there is no client certificate or incorrect client certificate, 400 error code will be returned directly.
- Optional: Optional client certificate verification, if there is no client
certificate or incorrect client certificate will not return 400 error code,
you need to use
Enable SSL Client Verifyaction in the page rule for authentication.
If the client certificate is a self-signed certificate, you need to upload the CA certificate that issued it.
Enable Client Certificate Verification In Page Rules
You need to ensure that the option for client certificate verification is
Client certificate verification can be enabled flexibly according to different conditions in the page rules, for example, verification is enabled only when the URI prefix is
We also provide
Subject DN and
Issuer DN in the client certificate as conditions that can distinguish different client certificates.
Subject DN and
Issuer DN can be read with the
# subject DN openssl x509 -subject -nameopt RFC2253 -noout -in client.crt # issuer DN openssl x509 -issuer -nameopt RFC2253 -noout -in client.crt
If we want to customize the client certificate verification error page, we can add Custom Error Page before enabling client certificate verification.