Proposed Change
As a security expert
I want to be able to map calls to API endpoints (e.g. /v1/actual_lrps/list) to a TLS client certificate by checking the access logs
so that during incident investigations, one can determine exactly which client certificate did what
Acceptance criteria
Client certificate information (common name, organizational unit, organization) are written to the access log file.
Related links
Proposed Change
As a security expert
I want to be able to map calls to API endpoints (e.g. /v1/actual_lrps/list) to a TLS client certificate by checking the access logs
so that during incident investigations, one can determine exactly which client certificate did what
Acceptance criteria
Client certificate information (common name, organizational unit, organization) are written to the access log file.
Related links