Support for client side certificate authentication?


#1

Does fastly support client side certificates?


#2

Hey Dhan

If you’re asking whether Fastly can host Customer Certificates then the answer is yes. There is a charge for this service but its probably best to log a ticket with support@fastly.com to get things going. They are likely to put you in touch with a Sales Rep who can reach out to you and take things from there. Hope that helps!


#3

Hey Dhan

I just had a word internally and it would seem that I may have spoke out of turn on this one. Turns out we do not support Client Side Certificate Authentication after all.


#4

We do not support client certs on the browser side (i.e. we cannot authenticate a browser based on the client certificate it provides to us in the handshake.) However, we do support them on the origin side, meaning you can configure a client cert & key for Fastly to use when connecting to the origin.

Can I ask what your use case is?


#5

Similar to the client cert on browser side use case. Would like to authenticate client cert on a server-to-server integration (i.e. external server to fastly). So sounds like the answer is “not supported”, but please let me know if I’m missing something.


#6

We do support Client Certificates from Fastly to Origin. That’s under TLS Options on the backend config.


#7

Over 2 years later, I’m wondering whether this is still the case, or whether its under consideration? It’s very useful for scenarios where fastly sits between others services and one’s backend.