Is it possible to have route-specific mTLS authentication? For example, route service-1/* would need a client certificate but route api/* would not.
4. Error messages and/or full log output:
5. What I already tried:
Defining a new site block with https://our.organization.fi/service-1* requiring mTLS for all routes inside that block. Instead of requiring a certificate only for routes service-1/*, Caddy now requires a certificate for all routes defined in any site block.
Thanks @matt for the clarification! It does indeed sound a bit cumbersome to configure. We will probably also look into alternative ways to verify that the sender is who it says it is, e.g. with JWT tokens signed with a private key.
Just a silly question: is it possible to include the client certificate when reverse proxying the request? That way the certificate could be verified in the service behind Caddy.
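Putting the two questions in this thread together, here is an added example Caddyfile. It is my own configuration, not something posted in the thread and not an answer from the Caddy maintainers. The hostnames, upstream addresses, CA file path and header names are assumptions, as is the use of a client-certificate placeholder inside a vars_regexp matcher; that check is written so that a missing placeholder yields a 403 rather than a pass-through. The underlying constraint is that client authentication is negotiated in the TLS handshake, before Caddy knows the request path, so client_auth is a per-site (per SNI name) setting rather than a per-route one.

```caddyfile
# Added example, not from the thread. Hostnames, upstreams, file paths and
# header names are assumptions.

# Option 1: give the mTLS-only service a hostname of its own. client_auth
# applies to the TLS handshake for that SNI name, so other hostnames on the
# same listener are unaffected.
service-1.our.organization.fi {
	tls {
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /etc/caddy/client-ca.pem
		}
	}
	reverse_proxy service-1:8080 {
		# Forward the certificate Caddy already verified. header_up sets the
		# field, so a value supplied by the client is replaced, not appended.
		# DER/base64 is used because PEM contains newlines, which are not
		# valid in an HTTP header value.
		header_up X-Client-Cert {http.request.tls.client.certificate_der_base64}
		header_up X-Client-Cert-Subject {http.request.tls.client.subject}
	}
}

# Option 2: one hostname for both paths. verify_if_given verifies a
# certificate only when the client sends one (an untrusted certificate is
# still rejected in the handshake). Requests to service-1/* are then
# accepted only if a verified certificate is present; api/* needs none.
our.organization.fi {
	tls {
		client_auth {
			mode verify_if_given
			trusted_ca_cert_file /etc/caddy/client-ca.pem
		}
	}

	# The fingerprint placeholder is used rather than the subject because an
	# end-entity certificate may legitimately carry an empty subject DN.
	# If no certificate was presented, the placeholder is empty or unset and
	# the regexp does not match, so the request falls through to the 403.
	@service1_authenticated {
		path /service-1/*
		vars_regexp {http.request.tls.client.fingerprint} .+
	}
	handle @service1_authenticated {
		reverse_proxy service-1:8080 {
			header_up X-Client-Cert {http.request.tls.client.certificate_der_base64}
			header_up X-Client-Cert-Subject {http.request.tls.client.subject}
		}
	}
	# Reached only for service-1/* requests without a verified certificate.
	handle /service-1/* {
		respond "client certificate required" 403
	}
	handle /api/* {
		reverse_proxy api:8080
	}
}
```

Two practical notes. The backend may only trust X-Client-Cert if it is reachable solely through Caddy (private network or a second TLS hop between proxy and backend); otherwise a direct caller could set the header itself. And before loading the file, `caddy validate --config Caddyfile --adapter caddyfile` will catch syntax mistakes in the matcher block, though it will not tell you whether the mTLS check behaves as intended, so test Option 2 once with and once without a client certificate against /service-1/.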