Package software.amazon.awscdk.services.elasticloadbalancingv2

Interface MutualAuthentication

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

MutualAuthentication.Jsii$Proxy

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)",
           date="2025-10-29T11:15:39.922Z")
@Stability(Stable)
public interface MutualAuthentication
extends software.amazon.jsii.JsiiSerializable

The mutual authentication configuration information.

Example:

 import software.amazon.awscdk.services.certificatemanager.*;
 Certificate certificate;
 ApplicationLoadBalancer lb;
 Bucket bucket;
 TrustStore trustStore = TrustStore.Builder.create(this, "Store")
         .bucket(bucket)
         .key("rootCA_cert.pem")
         .build();
 lb.addListener("Listener", BaseApplicationListenerProps.builder()
         .port(443)
         .protocol(ApplicationProtocol.HTTPS)
         .certificates(List.of(certificate))
         // mTLS settings
         .mutualAuthentication(MutualAuthentication.builder()
                 .advertiseTrustStoreCaNames(true)
                 .ignoreClientCertificateExpiry(false)
                 .mutualAuthenticationMode(MutualAuthenticationMode.VERIFY)
                 .trustStore(trustStore)
                 .build())
         .defaultAction(ListenerAction.fixedResponse(200, FixedResponseOptions.builder().contentType("text/plain").messageBody("Success mTLS").build()))
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	MutualAuthentication.Builder	A builder for MutualAuthentication
static final class	MutualAuthentication.Jsii$Proxy	An implementation for MutualAuthentication

Method Summary

Modifier and Type	Method	Description
static MutualAuthentication.Builder	builder()
default Boolean	getAdvertiseTrustStoreCaNames()	Indicates whether trust store CA names are advertised.
default Boolean	getIgnoreClientCertificateExpiry()	Indicates whether expired client certificates are ignored.
default MutualAuthenticationMode	getMutualAuthenticationMode()	The client certificate handling method.
default ITrustStore	getTrustStore()	The trust store.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getAdvertiseTrustStoreCaNames

@Stability(Stable)
@Nullable
default Boolean getAdvertiseTrustStoreCaNames()

Indicates whether trust store CA names are advertised.

Default: false

getIgnoreClientCertificateExpiry

@Stability(Stable)
@Nullable
default Boolean getIgnoreClientCertificateExpiry()

Indicates whether expired client certificates are ignored.

Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH

Default: false

getMutualAuthenticationMode

@Stability(Stable)
@Nullable
default MutualAuthenticationMode getMutualAuthenticationMode()

The client certificate handling method.

Default: MutualAuthenticationMode.OFF

getTrustStore

@Stability(Stable)
@Nullable
default ITrustStore getTrustStore()

The trust store.

Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH

Default: - no trust store

builder

@Stability(Stable)
static MutualAuthentication.Builder builder()

Returns:

a MutualAuthentication.Builder of MutualAuthentication