When setting up a reverse proxy interface with client certificate authentication you trust the CA that issued the specific certificate.
This allow/authorize any certificate issued by that CA.
We're looking into Traefik as a replacement for Apache HTTPD with mod_proxy. With Apache HTTPD we are able to setup these kind of rules to check the CN and other fields from a supplied certificate:
Require expr %{SSL_CLIENT_S_DN_CN} eq "google.com" and %{SSL_CLIENT_S_DN_O} eq "Google LLC"
Can this be done with Traefik somehow?
Does anyone have examples?
Kind Regards,
Shiva