Is it possible to have client certificates with HTTP (not HTTPS)?

6/26/2018

I have an application set up like this:


There is a server, with a reverse proxy/load balancer that acts as the HTTPS termination (this is the one that has a server certificate), and several applications behind it (*).

However, some applications require authentication of the client with a certificate. Authentication cannot happen in the reverse proxy. Will the application be able to see the user certificate, or will it be jettisoned by the HTTPS->HTTP transfer?

(*) OK, so this is a Kubernetes ingress, and containers/pods.

-- xenoid
client-certificates
http
https
kubernetes
ssl-certificate

1 Answer

6/26/2018

It will be lost. I think you need to extract it in the reverse proxy (i.e. Nginx) and pass it in as an HTTP header if you really must. See for example https://serverfault.com/questions/788895/nginx-reverse-proxy-pass-through-client-certificate. Not very secure as the cert is passed in the clear!

I don't know if we have that level of control over the ingress; personally, I'm using a normal Nginx server for incoming traffic instead.

-- ewramner
Source: StackOverflow
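
What the answer's header approach means on the application side, as an added example that is not part of the original answer: the backend accepts the forwarded certificate only when the request comes from the proxy and the proxy reports a successful verification. The header names (assumed to be filled from nginx's `$ssl_client_verify` and `$ssl_client_escaped_cert` variables), the proxy subnet and the sample certificate bytes are assumptions made for the illustration.

```python
import hashlib
import ipaddress
import ssl
from typing import Optional
from urllib.parse import quote, unquote

# Assumptions (not from the original post): the proxy sets both headers itself,
# from $ssl_client_verify and $ssl_client_escaped_cert, replacing client-sent copies.
VERIFY_HEADER = "X-SSL-Client-Verify"
CERT_HEADER = "X-SSL-Client-Cert"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # constructed proxy subnet

# Constructed sample: placeholder bytes in PEM armour, not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_HEADER = quote(ssl.DER_cert_to_PEM_cert(SAMPLE_DER))


def cert_fingerprint(escaped_pem: str) -> str:
    """SHA-256 fingerprint of the URL-encoded PEM certificate in the header."""
    der = ssl.PEM_cert_to_DER_cert(unquote(escaped_pem).strip())
    return hashlib.sha256(der).hexdigest()


def authenticate(peer_ip: str, headers: dict, allowed: set) -> Optional[str]:
    """Return the client certificate fingerprint if acceptable, else None."""
    # 1. The headers mean nothing unless the TCP peer is the TLS-terminating
    #    proxy; any other sender could have written them itself.
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None
    # 2. The proxy must report that it validated the certificate chain.
    if headers.get(VERIFY_HEADER) != "SUCCESS":
        return None
    try:
        fp = cert_fingerprint(headers.get(CERT_HEADER, ""))
    except ValueError:  # missing header, bad PEM armour or bad base64
        return None
    # 3. Map the certificate to a known client.
    return fp if fp in allowed else None
```

The application never sees the TLS handshake here, so it is trusting the proxy's statement about the certificate rather than a proof of key possession; the hop between proxy and pod has to be restricted accordingly.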