Using ReTool Mobile behind Cloudflare WAF mTLS

Hi,

I am hosting my ReTool instance behind a Cloudflare WAF mTLS rule enforcing a client certificate installed on the device. Everything works fine both on desktop and on mobile browsers. But the ReTool app (the one used for mobile pages) does not work and throws a login error 403.

It looks like the HTTP communication is not using the client certificate installed on the device.

Does someone else use the same setup? If not, is it possible to know what endpoints the app is using to whitelist those from the mTLS-check?

Hey @tharuin! Welcome to the community. :slightly_smiling_face:

I haven't seen this specific architecture before, but I think we can probably figure out which specific requests to allowlist or, ideally, how to get the app's requests to use your client certificates. At which point in the auth flow do you see the 403 response?