⚡ Enforce specific TLS versions for enhanced security.
🔄 Configure mutual TLS (mTLS) for bidirectional authentication between clients and your services.
🔍 What are the Benefits of Customizing TLS Termination?
TLS termination is essential for securing data in transit. Customizing TLS settings allows you to:
- Control certificate management, choosing between automatically provisioned or manually managed TLS certificates.
- Enforce strong encryption standards by restricting which TLS versions are accepted.
- Enable mutual TLS (mTLS) for client authentication, adding an extra layer of security.
- Enhance Security: Enforce TLS policies that comply with industry best practices.
- Use Custom Certificates: Deploy your own TLS certificates to meet security or compliance requirements.
- Improve Client Authentication: Implement mutual TLS (mTLS) to verify both server and client identities.
- Ensure Compatibility: Control TLS versions for secure connections.
- Meet Compliance Standards: Enforce safety and security policies for HIPAA, PCI DSS, SOC 2, and other security frameworks.
- Multi-tenant Environments: Serve different certificates per domain in multi-tenant environments.
TLS Termination Examples
The following examples showcase how you can create an endpoint that:
- Terminates TLS using a custom certificate
- Enforces mutual TLS with the clients
- Allows a max TLS version of 1.3
- Requires a minimum TLS version of 1.3
1. Generate Certificates
- CA Files:
  - `ca.key`: CA private key
  - `ca.crt`: CA certificate
- Server Files:
  - `server.key`: Server private key
  - `server.csr`: Server certificate signing request
  - `server.crt`: Server certificate
- Client Files:
  - `client.key`: Client private key
  - `client.csr`: Client certificate signing request
  - `client.crt`: Client certificate (with the proper clientAuth extension for mTLS)
2. Create an Endpoint with Custom TLS Termination
The endpoint example is provided for each of the following resource types:
- AgentEndpoint
- CloudEndpoint
- Ingress
- Gateway API
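The certificate generation from step 1, written out as an added shell example (not part of the ngrok documentation) using the openssl CLI. The CA name, the `example.internal` server hostname and the client CN are constructed placeholders; the client certificate is issued with the clientAuth extended key usage the step calls out, and a second function checks that both leaf certificates chain to `ca.crt`.

```shell
#!/bin/sh
# Added example, not from the ngrok docs: produce the ca.*, server.* and
# client.* files from step 1. All subject names are constructed placeholders.
set -eu

# gen_certs DIR -> writes ca.key/ca.crt, server.key/csr/crt, client.key/csr/crt
gen_certs() {
  dir="$1"
  mkdir -p "$dir"
  days=365

  # CA: self-signed root that signs both the server and the client certificate.
  openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$dir/ca.key" -sha256 -days "$days" \
    -subj "/CN=Example mTLS CA" -out "$dir/ca.crt"

  # Server: key + CSR, signed by the CA with serverAuth and a SAN
  # (example.internal is a placeholder hostname).
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  openssl req -new -key "$dir/server.key" -subj "/CN=example.internal" \
    -out "$dir/server.csr"
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:example.internal\n' \
    > "$dir/server.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days "$days" -sha256 -extfile "$dir/server.ext" \
    -out "$dir/server.crt" 2>/dev/null

  # Client: same flow, but the certificate carries the clientAuth EKU that the
  # page requires for mTLS; a client cert without it is not valid for this use.
  openssl genrsa -out "$dir/client.key" 2048 2>/dev/null
  openssl req -new -key "$dir/client.key" -subj "/CN=example-client" \
    -out "$dir/client.csr"
  printf 'extendedKeyUsage=clientAuth\n' > "$dir/client.ext"
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days "$days" -sha256 -extfile "$dir/client.ext" \
    -out "$dir/client.crt" 2>/dev/null
}

# verify_chain DIR -> exit 0 only if both leaf certificates validate against
# ca.crt and the client certificate really carries the clientAuth usage.
verify_chain() {
  dir="$1"
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" "$dir/client.crt" >/dev/null &&
    openssl x509 -in "$dir/client.crt" -noout -text |
    grep -q 'TLS Web Client Authentication'
}

# Usage: gen_certs ./certs && verify_chain ./certs
```

The resulting `server.crt`/`server.key` are the custom certificate the endpoint terminates TLS with, and `ca.crt` is what the endpoint uses to verify client certificates for mTLS.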
Check out the terminate TLS traffic policy action page for more details about how it functions and the parameters it accepts.