pcx_content_type | title | weight | meta | ||
---|---|---|---|---|---|
concept |
Client certificates |
6 |
|
Use Cloudflare public key infrastructure (PKI) to create client certificates. Use these certificates with Cloudflare API Shield or Cloudflare Workers to enforce mutual Transport Layer Security (mTLS) encryption.
{{}}
To use API Shield to protect your API or web application, you must do the following:
-
Use Cloudflare’s fully hosted public key infrastructure (PKI) to create a client certificate.
-
Configure your mobile app or IoT device to use your Cloudflare-issued client certificate.
-
Enable mTLS for the hosts you wish to protect with API Shield.
-
Create WAF custom rules that require API requests to present a valid client certificate.
{{}}
To authenticate Workers requests using mTLS:
- Use Cloudflare’s fully hosted public key infrastructure (PKI) to create a client certificate.
- Create and use an mTLS binding to authenticate Workers connections.