Does anyone know if these capabilities are compatible with one another within Akamai? Our testing suggests that they may not be.
We have a property which has both client certificate authentication and HTTP/2 enabled - the former via advanced metadata - and what we can see is that whenever the client uses HTTP/2, Akamai throws a #51 error reference, which translates to an "ERR_NO_CLIENT_CERT" message in Luna.
Running a wireshark on my device, everything looks normal:
- The client sends the Client Hello message, indicating support for HTTP/2 via the APLN TLS extension
- The server responds with the Server Hello, which accepts the request for HTTP/2
- The server then sends its certificate, and the client certificate request
- The client sends its certificate and the handshake completes
- The client sends the HTTP GET for the webpage
- Akamai responds with #51
When HTTP/2 is not used, there are no issues.