Support for client certificate authentication

2016-06-15 22:38:40 +02:00 · 2016-06-15 22:38:40 +02:00 · 959c7dc783
commit 959c7dc783
parent 8e333d0a03
4 changed files with 65 additions and 3 deletions
--- a/docs/basics.md
+++ b/docs/basics.md
@ -30,7 +30,7 @@ Entrypoints are the network entry points into Træfɪk.
 They can be defined using:

 - a port (80, 443...)
- SSL (Certificates. Keys...)
+- SSL (Certificates, Keys, authentication with a client certificate signed by a trusted CA...)
 - redirection to another entrypoint (redirect `HTTP` to `HTTPS`)

 Here is an example of entrypoints definition:
@ -54,6 +54,23 @@ Here is an example of entrypoints definition:
 - We enable SSL on `https` by giving a certificate and a key.
 - We also redirect all the traffic from entrypoint `http` to `https`.

+And here is another example with client certificate authentication:
+
+```toml
+[entryPoints]
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+  clientCAFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
+    [[entryPoints.https.tls.certificates]]
+    certFile = "tests/traefik.crt"
+    keyFile = "tests/traefik.key"
+```
+
+- We enable SSL on `https` by giving a certificate and a key.
+- One or several files containing Certificate Authorities in PEM format are added.
+- It is possible to have multiple CA:s in the same file or keep them in separate files.
+
 ## Frontends

 A frontend is a set of rules that forwards the incoming traffic from an entrypoint to a backend.