Note: To simplify the common scenario of maintainers looking at the monitoring endpoint,
verify_and_mapdo not apply to the monitoring port.
verifyto the TLS configuration section as follows:
ca_fileis not present it will default to CAs in the system trust store. It also makes sure that the client provides a certificate with the extended key usage
TLS Web Client Authentication.
verify_and_mapas shown as follows:
verifywas changed to
Note: This mechanism will pick the user it finds first. There is no configuration to restrict this.
Note that for this example to work you will have to modify the user to match what is in your certificates subject. In doing so, watch out for the order of attributes!