Passing client certificate in simple TLS mode

Hi all,
I have a requirement where I have to send the client certificate to my internal service. I tried adding an envoyfilter with forward_client_cert_details: FORWARD_ONLY but this forwards the client certificate only if the TLS mode is mutual. I do not want to enable tlsMode MUTUAL over the entire gateway, I just need the client certificate to be passed on to my internal service. Is there any way to do this?

2 Likes

AFAIK, if using the TLS protocol, the client cert is only passed when the mode is mutual TLS. But you may add the client cert to a payload of your own design; as long as the recipient understands the payload format, the recipient will be able to parse it.
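For the receiving side of forward_client_cert_details, here is an added example (not code from either post) of how an internal service could read the forwarded certificate. Envoy carries it in the x-forwarded-client-cert header; the parser assumes that header's key=value format, and the sample header and function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample header; the Cert value is URL-encoded PEM and is not a real certificate.
SAMPLE = ('By=spiffe://cluster.local/ns/a/sa/gw;Hash=abc123;'
          'Subject="CN=client,O=Example, Inc.";URI=spiffe://example/client;'
          'Cert="-----BEGIN%20CERTIFICATE-----%0AMIIB%0A-----END%20CERTIFICATE-----%0A"')

def _split(text, sep):
    """Split on sep, ignoring separators inside double-quoted values."""
    parts, buf, quoted, i = [], "", False, 0
    while i < len(text):
        ch = text[i]
        if quoted and ch == "\\" and i + 1 < len(text):
            buf += text[i:i + 2]          # keep the escaped character, skip past it
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    if quoted:
        raise ValueError("unterminated quoted value in XFCC header")
    return parts + [buf]

def parse_xfcc(header):
    """Return one dict per comma-separated element; each key maps to a list of values."""
    elements = []
    for raw in _split(header, ","):
        fields = {}
        for pair in filter(None, _split(raw.strip(), ";")):
            key, eq, value = pair.partition("=")
            if not eq:
                raise ValueError(f"malformed key=value pair: {pair!r}")
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1].replace('\\"', '"')
            fields.setdefault(key.strip().lower(), []).append(value)  # URI/DNS may repeat
        elements.append(fields)
    return elements

def client_cert_pem(header):
    """Decoded PEM from the last element's Cert field, or None when absent."""
    if not header:
        return None
    certs = parse_xfcc(header)[-1].get("cert")
    return unquote(certs[0]) if certs else None
```

The header is a plain request header, so the service should accept it only on connections that can come solely from the gateway. A certificate delivered this way, or in a custom payload, is a claim relayed by the sender rather than proof that the caller holds the private key.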