AnsweredAssumed Answered

HTTP/2 and Client Authentication

Question asked by Tim Savage on Apr 16, 2018
Latest reply on Apr 20, 2018 by Gunther Kochmann

Hi there,

 

Does anyone know if these capabilities are compatible with one another within Akamai? Our testing suggests that they may not be.

 

We have a property which has both client certificate authentication and HTTP/2 enabled - the former via advanced metadata - and what we can see is that whenever the client uses HTTP/2, Akamai throws a #51 error reference, which translates to an "ERR_NO_CLIENT_CERT" message in Luna.

 

Running a wireshark on my device, everything looks normal:

 

  • The client sends the Client Hello message, indicating support for HTTP/2 via the APLN TLS extension
  • The server responds with the Server Hello, which accepts the request for HTTP/2
  • The server then sends its certificate, and the client certificate request
  • The client sends its certificate and the handshake completes
  • The client sends the HTTP GET for the webpage
  • Akamai responds with #51

 

When HTTP/2 is not used, there are no issues.

 

Thanks,


Tim

Outcomes