mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 16:59:22 +02:00
* version 0.9 is old enough as to not warrant reference
* copy edits and formatting
* Consolidate 'before you begin' and warn that mkcert is for development.
* update and refresh
* add troubleshooting partial
* standardize img path for partial
* Apply suggestions from code review
  Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
* clarify all route mtls config
* remove troubleshooting section
  This commit requires that the PR **not** be backported, since the fix that negates this workaround will not be backported.

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
597 B
Route doesn't ask for certificate
When Pomerium is configured to listen on alternate ports (as opposed to the standard 443 for TLS traffic), the route-specific mTLS keys tls_downstream_client_ca and tls_downstream_client_ca_file will not work. The route will not request the client certificate, resulting in an immediate HTTP 495 error.

This is a known bug. Until it is resolved, mTLS must be set for all routes, using client_ca or client_ca_file, when Pomerium listens on alternate ports.
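
The workaround described above, as an added configuration sketch that is not taken from the Pomerium repository. The port, hostnames and file paths are constructed placeholders, and the `address` and `routes` keys with `from`/`to` entries are assumed to match the configuration format in use.

```yaml
# Constructed example: port, hostnames and paths are placeholders.
address: ":8443"   # alternate port instead of the standard 443

# Workaround: require client certificates for all routes with the
# global key (client_ca_file here; client_ca is the other global key).
client_ca_file: /pomerium/client-ca.pem

routes:
  - from: https://app.localhost.pomerium.io:8443
    to: http://app:8080
    # Route-specific mTLS key. On an alternate port the route does not
    # request the client certificate, so it is left disabled here:
    # tls_downstream_client_ca_file: /pomerium/client-ca.pem
```

Because the global key applies to every route, clients of routes that previously did not need a certificate must present one as well.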