
Workers - New RFC 9440 mTLS certificate fields in Workers

3mo ago

Source: Cloudflare, "Workers - New RFC 9440 mTLS certificate fields in Workers" (cloudflare.com)
Snippet from the RSS feed
Four new fields are now available on request.cf.tlsClientAuth in Workers for requests that include a mutual TLS (mTLS) client certificate. These fields encode the client certificate and its intermediate chain in RFC 9440 format — the same standard format used by the Client-Cert and Client-Cert-Chain HTTP headers — so your Worker can forward them directly to your origin without any custom parsing or encoding logic.

New fields

| Field | Type | Description |
| --- | --- | --- |
| `certRFC9440` | String | The client leaf certificate in RFC 9440 format (`:base64-DER:`). Empty if no client certificate was presented. |
| `certRFC9440TooLarge` | Boolean | `true` if the leaf certificate exceeded 10 KB and was omitted from `certRFC9440`. |
| `certChainRFC9440` | String | The intermediate certificate chain in RFC 9440 format as a comma-separated list. Empty if no intermediates were sent or if the chain exceeded 16 KB. |
| `certChainRFC9440TooLarge` | Boolean | `true` if the intermediate chain exceeded 16 KB and was omitted from `certChainRFC9440`. |

Example: forwarding client certificate headers to your origin

```js
export default {
  async fetch(request) {
    const tls = request.cf.tlsClientAuth;

    // Only forward if cert was verified and chain is complete.
    // certVerified and certRevoked are strings ("SUCCESS", "1"/"0"), so they
    // are compared explicitly rather than tested for truthiness.
    if (
      !tls ||
      tls.certVerified !== "SUCCESS" ||
      tls.certRevoked === "1" ||
      tls.certChainRFC9440TooLarge
    ) {
      return new Response("Unauthorized", { status: 401 });
    }

    // set() overwrites any Client-Cert headers supplied by the client itself.
    const headers = new Headers(request.headers);
    headers.set("Client-Cert", tls.certRFC9440);
    headers.set("Client-Cert-Chain", tls.certChainRFC9440);
    return fetch(new Request(request, { headers }));
  },
};
```

For more information, refer to Client certificate variables and Mutual TLS authentication.
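On the receiving side, the origin still has to decode and sanity-check the forwarded values before trusting them. The following is an added example, not code from Cloudflare or the original post: the function names, the sample values and the choice to apply the 10 KB / 16 KB limits to the decoded DER are assumptions, and it accepts only padded base64 without parameters.

```javascript
// Origin-side parsing of the Client-Cert / Client-Cert-Chain values a Worker forwards.
// Hypothetical helper names; accepts only ":<padded base64>:" with no parameters.
const BYTE_SEQ = /^:([A-Za-z0-9+/]+={0,2}):$/;
const MAX_LEAF = 10 * 1024;  // leaf limit stated on the page (assumed to apply to DER bytes)
const MAX_CHAIN = 16 * 1024; // chain limit stated on the page (assumed to apply to DER bytes)

// Constructed sample values: 5-byte DER stubs, not real certificates.
const SAMPLE_CERT = ":MAMCAQU=:";
const SAMPLE_CHAIN = ":MAMCAQY=:, :MAMCAQc=:";

function decodeByteSequence(item) {
  const m = BYTE_SEQ.exec(item.trim());
  if (!m || m[1].length % 4 !== 0) {
    throw new Error("not an RFC 9440 byte sequence");
  }
  const der = Uint8Array.from(atob(m[1]), (c) => c.charCodeAt(0));
  // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
  if (der[0] !== 0x30) throw new Error("decoded value is not a DER SEQUENCE");
  return der;
}

function parseClientCertHeaders(certHeader, chainHeader) {
  // An empty Client-Cert means no certificate was forwarded (absent or omitted
  // as too large), so it must never be treated as an authenticated request.
  if (!certHeader) throw new Error("Client-Cert missing or empty");
  const leaf = decodeByteSequence(certHeader);
  if (leaf.length > MAX_LEAF) throw new Error("leaf certificate too large");

  // Client-Cert-Chain is a comma-separated list of byte sequences; empty is allowed.
  const chain = chainHeader ? chainHeader.split(",").map(decodeByteSequence) : [];
  const chainBytes = chain.reduce((n, c) => n + c.length, 0);
  if (chainBytes > MAX_CHAIN) throw new Error("certificate chain too large");
  return { leaf, chain };
}
```

The origin should accept these headers only on connections that come from the Worker, since any client can send a `Client-Cert` header of its own.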
