Can traefik act a a client with mTLS to backend?

This issue came up in another post but I was hoping to hear from the traefik people if traefik has the capability of acting as a client which can pass SSL client certificates to the backend as a part of mTLS. I've read the documentation many times and it seems per documentation traefik can only act on the server side of a mTLS connection, not as a client.

1 Like

Hi @kevdog,

The PR #7203 allows to tune connection per service thanks to serverstransport, so you will be able to configure mtls.
It will be shipped in the v2.4, and before you ask, the v2.4-rc1 will come in the coming weeks. :wink:


Hey thanks for that link. @juliens mentioned this release version in another post. I looked at the link to the PR however I was very unclear if this PR actually allows mTLS with traefik acting as the client. There isn't a preview for any documentation associated with this new release is there?

The documentation is available here, let me know if it helps you. :slight_smile:

I believe that's just a link to the old documentation. I don't see anything in the documentation regarding mTLS with traefik as the client.

This link point to the experimental version of doc which matches with the master branch of code.
You have all the new configuration options available on a service like:

certificates is the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS.

Thank you kindly for this explanation. I see the difference.

1 Like