Mutual TLS Auth with Upstream API Provider

Our Kong gateway sits in front of multiple API Providers. Some of them use Mutual TLS Auth where Kong will present the certificate with the upstream API Provider. However, not all of the API providers are looking for the same certificate. How can I present different public certificates based on the API?

So service/route FOO presents the certificate for Private Key 1 to API Provider A.
Service/route BAR presents the certificate for Private Key 2 to API Provider B.

If all providers were looking for the same key, I could use the nginx directives proxy_ssl_certificate
and proxy_ssl_certificate_key. But that’s not the case.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ