We are working on mTLS with Traefik, and we are facing an issue with client certificate enforcement.
We are using "clientAuthType" as "RequireAndVerifyClientCert".
The problem statement is "without giving the client certificate it still authenticates the client".
Traefik version: 2.3.1
dynamic.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: dynamic
data:
  dynamic.yaml: |
    tls:
      options:
        default:
          clientAuth:
            caFiles:
              - /client/client-certificates.crt
            clientAuthType: RequireAndVerifyClientCert
values.yaml
additionalArguments:
  - "--log.level=DEBUG"
  - "--providers.kubernetescrd"
  - "--entrypoints.websecure.http.tls=true"
  - "--entrypoints.websecure.http.tls.certresolver=default"
  - "--entrypoints.websecure.http.tls.domains[0].main=DOMAIN.com"
  - "--entrypoints.websecure.http.tls.domains[0].sans=*.DOMAIN.com"
  - "--certificatesresolvers.default.acme.httpchallenge.entrypoint=web"
  - "--certificatesresolvers.default.acme.dnschallenge.provider=route53"
  - "--certificatesresolvers.default.acme.storage=/data/acme.json"
  - "--certificatesresolvers.default.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
  - "--providers.file.filename=/config/dynamic.yaml"
Is there any specific configuration that needs to be enabled on the Traefik side, or is there anything we are missing?