Note: To simplify the common scenario of maintainers looking at the monitoring endpoint, verify and verify_and_map do not apply to the monitoring port.
verify to the TLS configuration section as follows:
ca_file option. When ca_file is not present it will default to CAs in the system trust store. It also makes sure that the client provides a certificate with the extended key usage TLS Web Client Authentication.
verify_and_map as shown as follows:
Note that verify was changed to verify_and_map.
Note: This mechanism will pick the user it finds first. There is no configuration to restrict this.
Note that for this example to work you will have to modify the user to match what is in your certificate's subject. In doing so, watch out for the order of attributes!
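The attribute-order caveat above can be checked before deployment. The following is an added example, not code from the original page or the project: it compares configured user strings with a certificate subject and reports entries that carry the same attributes in a different order. The function names and DN strings are constructed for illustration, and the comma-separated TYPE=value form of the subject is an assumption.

```python
"""Preflight check for user strings that are meant to equal a certificate subject."""

def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a comma-separated DN into ordered (TYPE, value) pairs.

    Backslash-escaped commas stay inside the value. Multi-valued RDNs
    joined with '+' are not split (simplification for this example).
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr_type, sep, value = part.strip().partition("=")
        if not sep:
            raise ValueError(f"not a TYPE=value pair: {part!r}")
        rdns.append((attr_type.strip().upper(), value.strip()))
    return rdns

def compare_subject(configured_user: str, cert_subject: str) -> str:
    """Return 'match', 'order-mismatch' or 'different'."""
    user, cert = split_dn(configured_user), split_dn(cert_subject)
    if user == cert:
        return "match"
    if sorted(user) == sorted(cert):
        return "order-mismatch"  # same attributes, different order
    return "different"

def audit_users(users: list[str], cert_subject: str) -> list[tuple[str, str]]:
    """Verdict for every configured user, in configuration order."""
    return [(u, compare_subject(u, cert_subject)) for u in users]

# Constructed sample data, not taken from any real certificate.
CERT_SUBJECT = "CN=client.example.com,OU=Engineering,O=Example\\, Inc"
USERS = ["OU=Engineering,CN=client.example.com,O=Example\\, Inc",
         "CN=client.example.com,OU=Engineering,O=Example\\, Inc",
         "CN=other.example.com,OU=Engineering"]

if __name__ == "__main__":
    for user, verdict in audit_users(USERS, CERT_SUBJECT):
        print(f"{verdict:15} {user}")
```

An "order-mismatch" verdict marks a user entry that should be rewritten in the certificate's attribute order.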