Mutual TLS (mTLS)
Mutual TLS (mTLS) authentication uses client certificates to ensure traffic between client and server is bidirectionally secure and trusted. mTLS also allows requests that do not authenticate via an identity provider — such as Internet-of-things (IoT) devices — to demonstrate they can reach a given resource.
Support includes gRPC-based APIs, which use binary formats such as protocol buffers rather than JSON.
Configure
For help setting up mTLS for one or more hosts using the dashboard, refer to Configure mTLS.
Availability
All Cloudflare plans can set up mTLS with a Cloudflare-managed certificate authority (CA). Enterprise customers can upload up to five non-Cloudflare CAs. For higher limits, contact your account team.
Limitations
When using Yubikeys, the browser may prompt for unlocking the key due to a problem in Yubikey’s PKCS#11 library.