Is it possible to have client certificates with HTTP (not HTTPS)?
I have an application set up like this:
There is a server, with a reverseproxy/load balancer that acts as the HTTPS termination (this is the one that has a server certificate), and several applications behind it(*)
However, some applications require authentication of the client with a certificate. Authentication cannot happen in the reverse proxy. Will the application be able to see the user certificate, or will it be jettisoned by the HTTPS->HTTP transfer?
(*) OK, so this is a Kubernetes ingress, and containers/pods.
It will be lost. I think you need to extract it in the reverse proxy (i.e. Nginx) and pass it in as a HTTP header if you really must. See for example https://serverfault.com/questions/788895/nginx-reverse-proxy-pass-through-client-certificate. Not very secure as the cert is passed in the clear!
I don't know if we have that level of control over the ingress, personally I'm using a normal Nginx server for incoming traffic instead.
- Refused to apply inline style because it violates Content Security Policy (using hash for JQuery inline style)
- How to redirect the user back to the home page using FastAPI, after submitting an HTML form?
- Correct way to delete cookies server-side
- How can I get the raw HTTP message body using the request library in Node.js?
- What status code should I use when session token is invalid?
- Are there CSRF attacks that don't use cookies?
- Curl cookie authentication
- Set-Cookies Header not setting the cookie
- Tapir custom http code in successful response
- Get request headers in azure functions NodeJs Http Trigger
- NodeJS connection header always present
- How many HTTP verbs are there?
- Cookie with Max-Age = 0 and Expire = session survived after HTTP redirect?
- Rails: Return a 401?
- http request difference between postman request and the curl cmd or python code it generates
- How to disable the range option in http request header?
- How to maintain connection reuse during concurrent HTTP requests in Golang
- How to download a file over HTTP?
- Detect that asp.net http headers already sent
- How to split a Vec<u8> by a sequence of chars?
- Return string type from Spring Boot to Angular
- HttpClient exception: java.lang.IllegalArgumentException: host parameter is null
- what status code to throw when there is a concurrency error?
- HTTP method names: upper or lower case?
- How do I unregister a Handler in net/http?
- Spring Boot 3.4.0 Broken HTTP interface
- Flutter Web Status request
- Chunked transfer encoding - browser behavior
- End of an HTTP Response
- How to upload Multiple Images to rest API in Flutter?