Inbound TLS rule
Prerequisites
As described in Configure Groundplex truststores:
- Your CSM must enable the
APIMClientCertificateValidator
feature flag. - An admin with root permissions for the Groundplex node hosts must configure the truststores.
- After adding truststores, restart the Groundplex nodes.
Rule fields include:
Field | Description |
---|---|
When this rule should be applied | An expression that defines one or more conditions that must be
true for the rule to execute.
Example: The expression |
Description |
Default value: Requests are being verified by TLS certificates |
Rule execution order
-
The client provides their certificate during TLS/SSL authentication.
-
The rule checks the HTTP request for the certificate.
-
If the client supplies a certificate that matches an entry in the Groundplex truststore, and isn't expired, the Snaplex continues processing the request.