mTLS - Auth => Want 401 Unauthorized if CN not in my whitelist

Hi !

I need some mTLS between my API Gateway and traefik to be sure only this API Gateway call traefik
By default, traefik will accept all client certificates that was issued by my CA. But i want to allow only the api GW one.
Is there a trick to accept only a CN/DN or something like that ?

My other solution is to pass that info in header, but i have to code that rejection in my backend

Thanx !

Maybe traefik 2 have that option, i didn't look