
mTLS using Step CA and Traefik


I self-host Step CA alongside Traefik in my home environment. Last weekend I tried setting up mTLS between the two for additional security: Traefik only admits clients that present a certificate issued by my own CA.

Helpful commands:

# Get the root CA fingerprint by running this inside the Step CA Docker container
# (the path is relative to the CA's step directory):
step certificate fingerprint certs/root_ca.crt

# Bootstrap the step CLI on my macOS machine (a different device from the one
# that hosts the CA). Replace the placeholder fingerprint with the value printed
# above; step refuses to bootstrap if it does not match the CA's root certificate.
# Add --install to also put the root CA into the system trust store.
step ca bootstrap \
    --ca-url https://web-server.lan:9000 \
    --fingerprint=foo

# Generate a new client certificate. Provisioner names can be listed from inside
# the Step CA container with `step ca provisioner list`. Note that the default
# provisioner claims cap TLS certificate lifetime at 24h, so a ten-year request
# (--not-after=87600h) is rejected unless maxTLSCertDuration has been raised for
# that provisioner.
step ca certificate \
    ketan-ios ketan-ios.crt ketan-ios.key \
    --ca-url=https://web-server.lan:9000 \
    --provisioner='admin' \
    --not-after=87600h

# Bundle the client cert and key into a PKCS#12 file that iOS can import.
# step prompts for a password that encrypts the bundle; iOS asks for the same
# password when the .p12 is installed.
step certificate p12 ketan-ios.p12 ketan-ios.crt ketan-ios.key
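The post does not show the Traefik side of the setup. The fragment below is an added example, not configuration from the original post: a Traefik dynamic configuration for the file provider that requires and verifies a client certificate against the Step CA root. It assumes the root certificate has been copied to /certs/root_ca.crt inside the Traefik container, an entry point named websecure, the placeholder hostname foo from the curl command, and a hypothetical backend on 127.0.0.1:8080.

```yaml
# Traefik dynamic configuration (file provider). Added example; the file path,
# router, service and backend URL are assumptions, not from the original post.
tls:
  options:
    mtls:
      minVersion: VersionTLS12
      clientAuth:
        # Root CA exported from the Step CA container. Only client certificates
        # that chain to this root are accepted.
        caFiles:
          - /certs/root_ca.crt
        # Fail the TLS handshake unless a valid client certificate is presented.
        # RequestClientCert and RequireAnyClientCert do not verify the chain and
        # give no real protection; VerifyClientCertIfGiven lets certless clients in.
        clientAuthType: RequireAndVerifyClientCert

http:
  routers:
    secure:
      rule: "Host(`foo`)"
      entryPoints:
        - websecure
      service: secure-svc
      tls:
        # Reference the options above; "@file" is the provider suffix.
        options: mtls@file
  services:
    secure-svc:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:8080"
```

With RequireAndVerifyClientCert the handshake itself is refused for anything that lacks a certificate signed by that root, so no HTTP request from an unauthenticated client ever reaches the backend service.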

With all this, I was able to connect with curl:

# --cacert is needed unless the root CA was installed into the system trust
# store (step ca bootstrap --install); bootstrap saves it under $(step path)/certs/.
# Once Traefik requires a client certificate, the same request without
# --cert/--key should fail during the TLS handshake rather than return a page.
curl --cacert "$(step path)/certs/root_ca.crt" \
    --cert ketan-ios.crt --key ketan-ios.key https://foo