Mutual TLS to origin

Store your client certificate in a Fastly secret store to enable mTLS on backend requests.


Use this solution in your Compute service:

  1. Rust
fastly = "0.9.2"
use fastly::backend::Backend;
use fastly::secret_store::{LookupError, SecretStore};
use fastly::{Error, Request, Response};
fn main(req: Request) -> Result<Response, Error> {
// Fetch the certificate from a secret store
let store = SecretStore::open("my_credentials_store")?;
// This is not actually a secret, but it's convenient to store it in
// the secret store, paired with the key.
let certificate_bytes = store
.ok_or_else(|| LookupError::InvalidSecretName("fastly_certificate".to_string()))?
let certificate = String::from_utf8(certificate_bytes)?;
// This is definitely a secret
let certificate_key = store
.ok_or_else(|| LookupError::InvalidSecretName("fastly_key".to_string()))?;
// mTLS is currently only supported on dynamic backends
let backend = Backend::builder("origin_0", "")
.provide_client_certificate(certificate, certificate_key)

User contributed notes


Do you see an error in this page? Do have an interesting use case, example or edge case people should know about? Share your knowledge and help people who are reading this page! (Comments are moderated; for support, please contact