File tree 2 files changed +55
-0
lines changed 2 files changed +55
-0
lines changed Original file line number Diff line number Diff line change 390390
391391puts post("/test.http?time=#{Time.now.to_i}", record).body
392392```
393+ ### How to Enable TLS Mutual Authentication
394+
395+ Fluentd supports [ TLS mutual authentication] ( https://en.wikipedia.org/wiki/Mutual_authentication )
396+ (a.k.a. client certificate auth). If you want to use this feature,
397+ please set the ` client_cert_auth ` and ` ca_path ` options as follows.
398+
399+ ```
400+ <source>
401+ @type http
402+ <transport tls>
403+ ...
404+ client_cert_auth true
405+ ca_path /path/to/ca/cert
406+ </transport>
407+ </source>
408+ ```
409+
410+ When this feature is enabled, Fluentd will check all incoming requests
411+ for a client certificate signed by the trusted CA. Requests that don't
412+ supply a valid client certificate will fail.
393413
394414------------------------------------------------------------------------
395415
Original file line number Diff line number Diff line change 208208</source>
209209```
210210
211+ ### How to Enable TLS Mutual Authentication
212+
213+ Fluentd supports [ TLS mutual authentication] ( https://en.wikipedia.org/wiki/Mutual_authentication )
214+ (a.k.a. client certificate auth). If you want to use this feature,
215+ please set the ` client_cert_auth ` and ` ca_path ` options as follows.
216+
217+ ```
218+ <source>
219+ @type tcp
220+ port 20001
221+ <transport tls>
222+ ...
223+ client_cert_auth true
224+ ca_path /path/to/ca/cert
225+ </transport>
226+ </source>
227+ ```
228+
229+ When this feature is enabled, Fluentd will check all incoming requests
230+ for a client certificate signed by the trusted CA. Requests that don't
231+ supply a valid client certificate will fail.
232+
233+ To check if mutual authentication is working properly, issue the
234+ following command:
235+
236+ ```
237+ $ openssl s_client -connect localhost:20001 \
238+ -key path/to/client.key \
239+ -cert path/to/client.crt \
240+ -CAfile path/to/ca.crt
241+ ```
242+
243+ If the connection gets established successfully, your setup is working
244+ fine.
245+
211246------------------------------------------------------------------------
212247
213248If this article is incorrect or outdated, or omits critical information, please [ let us know] ( https://github.com/fluent/fluentd-docs-gitbook/issues?state=open ) .
You can’t perform that action at this time.
0 commit comments