Part 5: mTLS Header
Mutual transport layer security (mTLS) with consumer authentication using client certificates at the Kong Gateway plays an important role in building a zero-trust architecture. But perimeter security devices that perform TLS termination, so-called TLS terminating reverse proxies (TTRP), break the automatic mapping of client certificates to Kong consumers. This blog demonstrates mTLS consumer authentication even with preceding TTRPs, without requiring TCP passthrough.

27.03.2024
Alexander Suchier
- Kong
- Gateway
- Kong Plugin
- mTLS
- mutual TLS
- client certificate
- perimeter security
- RFC 9440
- TTRP
- ZTA
- PDK
- Lua Module