diff --git a/images/pomerium/config.yaml b/images/pomerium/config.yaml
index c7696ee..026b566 100644
--- a/images/pomerium/config.yaml
+++ b/images/pomerium/config.yaml
@@ -3,7 +3,7 @@
 # this is the domain the identity provider will callback after a user authenticates
 authenticate_service_url: https://authenticate.devusb.us
 
-client_ca: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdDakNDQS9LZ0F3SUJBZ0lJVjVHNmxWYkNMbUV3RFFZSktvWklodmNOQVFFTkJRQXdnWkF4Q3pBSkJnTlYKQkFZVEFsVlRNUmt3RndZRFZRUUtFeEJEYkc5MVpFWnNZWEpsTENCSmJtTXVNUlF3RWdZRFZRUUxFd3RQY21sbgphVzRnVUhWc2JERVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2CmNtNXBZVEVqTUNFR0ExVUVBeE1hYjNKcFoybHVMWEIxYkd3dVkyeHZkV1JtYkdGeVpTNXVaWFF3SGhjTk1Ua3gKTURFd01UZzBOVEF3V2hjTk1qa3hNVEF4TVRjd01EQXdXakNCa0RFTE1Ba0dBMVVFQmhNQ1ZWTXhHVEFYQmdOVgpCQW9URUVOc2IzVmtSbXhoY21Vc0lFbHVZeTR4RkRBU0JnTlZCQXNUQzA5eWFXZHBiaUJRZFd4c01SWXdGQVlEClZRUUhFdzFUWVc0Z1JuSmhibU5wYzJOdk1STXdFUVlEVlFRSUV3cERZV3hwWm05eWJtbGhNU013SVFZRFZRUUQKRXhwdmNtbG5hVzR0Y0hWc2JDNWpiRzkxWkdac1lYSmxMbTVsZERDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQU4yeTJ6b2pZZmwwYktmaHAwQUpCRmVWK2pRcWJDdzNzSG12RVB3TG1xRExxeW5JCjQydFpYUjV5OTE0WkI5WnJ3YkwvSzVPNDZleGQvTHVqSm5WMmIzZHpjeDVydGlRenNvMHh6bGpxYm5iUVQyMGUKaWh4L1dyRjRPa1pLeWRaenNkYUpzV0FQdXBsREg1UDdKODJxM3JlODhqUWRnRTVocWpxRlozY2xDRzdseG9CdwpoTGFhem0zTkpKbFVmemRrOTdvdVJ2bkZHQXVYZDVjUVZ4OGpZT09lVTYwc1dxbU1lNFFIZE92cHFCOTFiSm9ZClFTS1ZGalVnSGVUcE44dE5wS0pmYjlMSW4zcHVuM2JDOU5LTkh0UktNTlgzS2wvc0FQcTdxL0FsbmR2QTJLdzMKRGt1bTJtSFFVR2R6VkhxY09nZWE5QkdqTEsyaDdTdVg5M3pUV0wwMnU3OTlkcjZYa3JhZC9XU2hIY2hmampSbgphTDM1bmlKVURyMDJZSnRQZ3hXT2JzcmZPVTYzQjhqdUxVcGhXLzRCT2pqSnlBRzVsOWoxLy9hVUdFaS9zRWU1CmxxVnYwUDc4UXJ4b3hSK01NWGlKd1FhYjVGQjhURy9hYzZtUkhnRjlDbWtYOTB1YVJoK09DMDdYalRkZlNLR1IKUHBNOWhCMlpoTG9sL25mOHFtb0xkb0Q1SHZPRFp1S3UyK211S2VWSFhndzIvQTZ3TTdPd3JpbnhaaXlCazVIaApDdmFBREg3UFpwVTZ6L3p2NU5VNUhTdlhpS3RDekZ1RHU0L1pmaTM0UmZIWGVDVWZIQWI0S2ZOUlhKd01zeFVhCis0WnBTQVgyRzZSbkdVNW1ldVhwVTUvVitEUUpwL2U2OVh5eVk2UlhEb015d2FFRmxJbFhCcWpSUkEycEFnTUIKQUFHalpqQmtNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVNCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUNNQjBHQTFVZApEZ1FXQkJSRFdVc3JhWXVBNFJFemFsZk5Wemphbm4zRjZ6QWZCZ05WSFNNRUdEQVdnQlJEV1VzcmFZdUE0UkV6CmFsZk5Wemphbm4zRjZ6QU5CZ2txaGtpRzl3MEJBUTBGQUFPQ0FnRUFrUStUOW5xY1NsQXVXLzkwRGVZbVFPVzEKUWhxT29yNXBzQkVHdnhiTkdWMmhkTEpZOGg2UVVxNDhCQ2V2Y01DaGcvTDFDa3puQk5JNDBpMy82aGVEbjNJUwp6VkV3WEtmMzRwUEZDQUNXVk1aeGJRamtOUlRpSDhpUnVyOUVzYU5RNW9YQ1BKa2h3ZzIrSUZ5b1BBQVlVUm9YClZjSTlTQ0RVYTQ1Y2xtWUhKL1hZd1YxaWNHVkk4LzliMkpVcWtsbk9UYTV0dWd3SVVpNXNUZmlwTmNKWEhoZ3oKNkJLWURsMC9VUDBsTEtic1VFVFhlVEdEaURweFpZSWdiY0ZyUkREa0hDNkJTdmRXVkVpSDViOW1IMkJPTjYwegowTzBqOEVFS1R3aTlqbmFmVnRaUVhQL0Q4eW9Wb3dkRkRqWGNLa09QRi8xZ0loOXFyRlI2R2RvUFZnQjNTa0xjCjV1bEJxWmFDSG01NjNqc3ZXYi9rWEpubEZ4VysxYnNPOUJERDZEd2VCY0dkTnVyZ21INjI1d0JYa3NTZEQ3eS8KZmFrazhEYWdqYmpLU2hZbFBFRk9BcUVjbGl3akY0NWVhYkwwdDI3TUpWNjFPL2pIekhMM2RrblhlRTRCRGEyagpiQStKYnlKZVVNdFU3S01zeHZ4ODJSbWhxQkVKSkRCQ0ozc2NWcHR2aERNUnJ0cURCVzVKU2h4b0FPY3BGUUdtCmlZV2ljbjQ2blBEamdUVTBiWDFaUHBUcHJ5WGJ2Y2lWTDVSa1ZCdXlYMm50Y09MRFBsWldneFpDQnA5NngwN0YKQW5PektnWms0UnpaUE5BeENYRVJWeGFqbi9GTGNPaGdsVkFLbzVIMGFjK0FpdGxRMGlwNTVEMi9tZjhvNzJ0TQpmVlE2VnB5akVYZGlJWFdVcS9vPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
+downstream_mtls.ca: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdDakNDQS9LZ0F3SUJBZ0lJVjVHNmxWYkNMbUV3RFFZSktvWklodmNOQVFFTkJRQXdnWkF4Q3pBSkJnTlYKQkFZVEFsVlRNUmt3RndZRFZRUUtFeEJEYkc5MVpFWnNZWEpsTENCSmJtTXVNUlF3RWdZRFZRUUxFd3RQY21sbgphVzRnVUhWc2JERVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2CmNtNXBZVEVqTUNFR0ExVUVBeE1hYjNKcFoybHVMWEIxYkd3dVkyeHZkV1JtYkdGeVpTNXVaWFF3SGhjTk1Ua3gKTURFd01UZzBOVEF3V2hjTk1qa3hNVEF4TVRjd01EQXdXakNCa0RFTE1Ba0dBMVVFQmhNQ1ZWTXhHVEFYQmdOVgpCQW9URUVOc2IzVmtSbXhoY21Vc0lFbHVZeTR4RkRBU0JnTlZCQXNUQzA5eWFXZHBiaUJRZFd4c01SWXdGQVlEClZRUUhFdzFUWVc0Z1JuSmhibU5wYzJOdk1STXdFUVlEVlFRSUV3cERZV3hwWm05eWJtbGhNU013SVFZRFZRUUQKRXhwdmNtbG5hVzR0Y0hWc2JDNWpiRzkxWkdac1lYSmxMbTVsZERDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQU4yeTJ6b2pZZmwwYktmaHAwQUpCRmVWK2pRcWJDdzNzSG12RVB3TG1xRExxeW5JCjQydFpYUjV5OTE0WkI5WnJ3YkwvSzVPNDZleGQvTHVqSm5WMmIzZHpjeDVydGlRenNvMHh6bGpxYm5iUVQyMGUKaWh4L1dyRjRPa1pLeWRaenNkYUpzV0FQdXBsREg1UDdKODJxM3JlODhqUWRnRTVocWpxRlozY2xDRzdseG9CdwpoTGFhem0zTkpKbFVmemRrOTdvdVJ2bkZHQXVYZDVjUVZ4OGpZT09lVTYwc1dxbU1lNFFIZE92cHFCOTFiSm9ZClFTS1ZGalVnSGVUcE44dE5wS0pmYjlMSW4zcHVuM2JDOU5LTkh0UktNTlgzS2wvc0FQcTdxL0FsbmR2QTJLdzMKRGt1bTJtSFFVR2R6VkhxY09nZWE5QkdqTEsyaDdTdVg5M3pUV0wwMnU3OTlkcjZYa3JhZC9XU2hIY2hmampSbgphTDM1bmlKVURyMDJZSnRQZ3hXT2JzcmZPVTYzQjhqdUxVcGhXLzRCT2pqSnlBRzVsOWoxLy9hVUdFaS9zRWU1CmxxVnYwUDc4UXJ4b3hSK01NWGlKd1FhYjVGQjhURy9hYzZtUkhnRjlDbWtYOTB1YVJoK09DMDdYalRkZlNLR1IKUHBNOWhCMlpoTG9sL25mOHFtb0xkb0Q1SHZPRFp1S3UyK211S2VWSFhndzIvQTZ3TTdPd3JpbnhaaXlCazVIaApDdmFBREg3UFpwVTZ6L3p2NU5VNUhTdlhpS3RDekZ1RHU0L1pmaTM0UmZIWGVDVWZIQWI0S2ZOUlhKd01zeFVhCis0WnBTQVgyRzZSbkdVNW1ldVhwVTUvVitEUUpwL2U2OVh5eVk2UlhEb015d2FFRmxJbFhCcWpSUkEycEFnTUIKQUFHalpqQmtNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVNCZ05WSFJNQkFmOEVDREFHQVFIL0FnRUNNQjBHQTFVZApEZ1FXQkJSRFdVc3JhWXVBNFJFemFsZk5Wemphbm4zRjZ6QWZCZ05WSFNNRUdEQVdnQlJEV1VzcmFZdUE0UkV6CmFsZk5Wemphbm4zRjZ6QU5CZ2txaGtpRzl3MEJBUTBGQUFPQ0FnRUFrUStUOW5xY1NsQXVXLzkwRGVZbVFPVzEKUWhxT29yNXBzQkVHdnhiTkdWMmhkTEpZOGg2UVVxNDhCQ2V2Y01DaGcvTDFDa3puQk5JNDBpMy82aGVEbjNJUwp6VkV3WEtmMzRwUEZDQUNXVk1aeGJRamtOUlRpSDhpUnVyOUVzYU5RNW9YQ1BKa2h3ZzIrSUZ5b1BBQVlVUm9YClZjSTlTQ0RVYTQ1Y2xtWUhKL1hZd1YxaWNHVkk4LzliMkpVcWtsbk9UYTV0dWd3SVVpNXNUZmlwTmNKWEhoZ3oKNkJLWURsMC9VUDBsTEtic1VFVFhlVEdEaURweFpZSWdiY0ZyUkREa0hDNkJTdmRXVkVpSDViOW1IMkJPTjYwegowTzBqOEVFS1R3aTlqbmFmVnRaUVhQL0Q4eW9Wb3dkRkRqWGNLa09QRi8xZ0loOXFyRlI2R2RvUFZnQjNTa0xjCjV1bEJxWmFDSG01NjNqc3ZXYi9rWEpubEZ4VysxYnNPOUJERDZEd2VCY0dkTnVyZ21INjI1d0JYa3NTZEQ3eS8KZmFrazhEYWdqYmpLU2hZbFBFRk9BcUVjbGl3akY0NWVhYkwwdDI3TUpWNjFPL2pIekhMM2RrblhlRTRCRGEyagpiQStKYnlKZVVNdFU3S01zeHZ4ODJSbWhxQkVKSkRCQ0ozc2NWcHR2aERNUnJ0cURCVzVKU2h4b0FPY3BGUUdtCmlZV2ljbjQ2blBEamdUVTBiWDFaUHBUcHJ5WGJ2Y2lWTDVSa1ZCdXlYMm50Y09MRFBsWldneFpDQnA5NngwN0YKQW5PektnWms0UnpaUE5BeENYRVJWeGFqbi9GTGNPaGdsVkFLbzVIMGFjK0FpdGxRMGlwNTVEMi9tZjhvNzJ0TQpmVlE2VnB5akVYZGlJWFdVcS9vPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
 
 # Generate 256 bit random keys  e.g. `head -c32 /dev/urandom | base64`
 log_level: info