Hi, I've been trying to set up client authentication, as discussed previously in #106, and have managed to successfully authenticate a local self signed certificate via Firefox browser interaction.
However, my primary use case is to restrict access to calls from AWS API Gateway which may include it's own generated client certificates. In this case, when attempting to make a call via the gateway, Fabio logs the following error:
2016/06/07 12:56:01 http: TLS handshake error from 52.30.177.125:47122: tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "ApiGateway")
This looks similar to the problem described in this SO post where the client certificate had to be marked as IsCA.
Is there a way of achieving this in Fabio through configuration, if this is in fact the same problem?
Hi, I've been trying to set up client authentication, as discussed previously in #106, and have managed to successfully authenticate a local self signed certificate via Firefox browser interaction.
However, my primary use case is to restrict access to calls from AWS API Gateway which may include it's own generated client certificates. In this case, when attempting to make a call via the gateway, Fabio logs the following error:
2016/06/07 12:56:01 http: TLS handshake error from 52.30.177.125:47122: tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "ApiGateway")This looks similar to the problem described in this SO post where the client certificate had to be marked as
IsCA.Is there a way of achieving this in Fabio through configuration, if this is in fact the same problem?