For anyone using mTLS with Traefik, or who would want to use mTLS if Traefik prompted browser clients for client certificates the way Cloudflare and others do, please like and comment on this feature request so it can gain traction.
opened 12:43AM - 20 Apr 24 UTC
kind/proposal
area/tls
### Welcome!
- [X] Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
- [X] Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any.
### What did you expect to see?
I'm not sure how Cloudflare does it, but when using mTLS in Cloudflare a certificate prompt occurs. Cloudflare isn't the only service that implements this correctly.
A quick Google search for "browser MTLs prompt" will show what I'm referring to.
Traefik never prompts for a certificate, resulting in it failing with `ERR_BAD_SSL_CLIENT_AUTH_CERT`.
Similar issues have been posted in the past; however, for some reason this still hasn't been implemented, essentially limiting mTLS to server-to-server communication vs. also being compatible with clients such as end-user devices.
It's surprisingly hard to find how Cloudflare even does this.
Not sure this is the same thing as the server requesting this, since this seems more frontend-related, and what Cloudflare and others do is not frontend-related; it happens before the frontend connection even occurs.
https://www.electronjs.org/docs/latest/api/app#event-select-client-certificate
Here's how the prompt looks.
![Screenshot_20240419_205422_Key Chain](https://github.com/traefik/traefik/assets/47092714/775be52f-1daf-4bbc-b6d1-4635e0a91e87)
Did you check the doc about `RequestClientCert`?
No, because I want it to request, require and verify the client certificate.
I'm confused why that's even an option, because it doesn't verify the certificate. If one is using mTLS, it's because they want to verify the client is authorized to access the resource.
I can confirm this; there was no prompt coming in for me either!
To overcome this, bundle your cert+key into a p12 bundle and then load it into the system (different steps for Windows / Linux / Mac).
Once loaded, the prompt should automatically show up.
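An added example, not part of the thread and not Traefik's own code: Go's `crypto/tls` (the language Traefik is written in) has both a `RequestClientCert` and a `RequireAndVerifyClientCert` client-auth mode, and this program shows what a server in each mode does with a client that has, or lacks, a certificate. The helper name `probe`, the `X-Seen` header and the self-signed `example-client` certificate are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// probe connects to a TLS server running in the given client-auth mode and returns
// what the server saw, or the client's error if the connection was refused.
func probe(mode tls.ClientAuthType, withCert bool) (string, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway client key (constructed test data)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	leaf, err := x509.ParseCertificate(der) // also fails if creation above failed
	if err != nil {
		return "", err
	}
	trusted := x509.NewCertPool() // stands in for the CA file the proxy is configured with
	trusted.AddCert(leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen := fmt.Sprintf("presented=%d verified=%d", len(r.TLS.PeerCertificates), len(r.TLS.VerifiedChains))
		w.Header().Set("X-Seen", seen)
	}))
	srv.TLS = &tls.Config{ClientAuth: mode, ClientCAs: trusted}
	srv.StartTLS()
	defer srv.Close()
	client := srv.Client() // already trusts the test server's certificate
	if withCert {
		pair := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
		client.Transport.(*http.Transport).TLSClientConfig.Certificates = []tls.Certificate{pair}
	}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err // the server refused the connection (TLS alert)
	}
	resp.Body.Close()
	return resp.Header.Get("X-Seen"), nil
}

func main() {
	fmt.Println(probe(tls.RequireAndVerifyClientCert, false)) // no client cert: empty result plus the error
}
```

In `RequestClientCert` mode a presented certificate reaches the handler with no verified chain, while `RequireAndVerifyClientCert` refuses a client that offers none.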