Learn how to forward a client certificate to the backend servers when a client sends a request to the load balancer and provides the certificate.
You must enable the Verify peer certificate option on the load balancer's listener for client certificate forwarding to work. Enable this option when you first create a listener or when you edit an existing listener. For more information on the Verify peer certificate option, see Creating a Listener.
To forward your client certificate:
- Create a rule set as described in Creating a Load Balancer Rule Set.
- In the Create rule set panel, select Specify Request Header Rules.
- In the Request Header Rules section, complete the following:
  - Action: Select Add Request Header.
  - Header: Provide a name for the header.
  - Value: Enter the header value according to one of the use cases listed in the following table:
Supported Header Rule Types

| Header Value | Description |
| --- | --- |
| {oci_lb_client_cert} | Forwards the client certificate in PEM format for an established SSL connection, with each line except the first prepended with the tab character. |
| {oci_lb_client_cert_apache_compatible} | Forwards the client certificate in PEM format for an established SSL connection, with the \n removed from the certificate. |
| {oci_lb_client_cert_url_encoded} | Forwards the client certificate in PEM format (URL-encoded) for an established SSL connection. |
- Attach the rule set to the corresponding HTTP listener either when creating a new listener or when editing an existing one, as described in Listeners for Load Balancers.
- Under the Rule Set section of the Create listener or Edit listener panel, select the rule set you created earlier.
- Save your changes.
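A backend that receives the forwarded header has to turn the value back into a certificate before it can inspect or pin it. The following Python code is an added example, not Oracle's code: it decodes all three layouts from the table into DER bytes and rejects anything that is not exactly one PEM block. The function names and the placeholder sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re
import textwrap
from urllib.parse import quote, unquote

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

def header_to_der(value: str) -> bytes:
    """Decode a forwarded-certificate header value (any table layout) to DER."""
    text = value.strip()
    if "%" in text:
        # URL-encoded layout. unquote(), not unquote_plus(): a literal "+"
        # is a base64 character and must not become a space.
        text = unquote(text).strip()
    match = PEM_RE.fullmatch(text)
    if match is None:
        raise ValueError("expected exactly one PEM certificate block")
    # Drops tabs, newlines and spaces left by header folding or unfolding,
    # so it also covers the layout where the \n characters were removed.
    body = re.sub(r"\s+", "", match.group(1))
    if not body:
        raise ValueError("empty certificate body")
    # validate=True rejects any character outside the base64 alphabet.
    return base64.b64decode(body, validate=True)

def to_pem(der: bytes) -> str:
    """Rebuild standard PEM (64-character lines) from DER bytes."""
    b64 = base64.b64encode(der).decode("ascii")
    return "\n".join([BEGIN, *textwrap.wrap(b64, 64), END]) + "\n"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint, the value to log or match against an allowlist."""
    return hashlib.sha256(der).hexdigest()

# Constructed placeholder bytes standing in for a DER certificate (not real).
SAMPLE_DER = bytes(range(256)) * 2

def sample_headers() -> dict:
    """Constructed header values in the three layouts described in the table."""
    pem = to_pem(SAMPLE_DER).strip()
    return {
        "{oci_lb_client_cert}": pem.replace("\n", "\n\t"),
        "{oci_lb_client_cert_apache_compatible}": pem.replace("\n", ""),
        "{oci_lb_client_cert_url_encoded}": quote(pem, safe=""),
    }
```

The DER bytes returned by `header_to_der` can be handed to an X.509 parser of your choice; the example stops at the fingerprint so that it needs only the standard library.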