Mutual TLS (mTLS)
Mutual TLS (mTLS) authentication uses client certificates to ensure traffic between client and server is bidirectionally secure and trusted. mTLS also allows requests that do not authenticate via an identity provider — such as Internet-of-things (IoT) devices — to demonstrate they can reach a given resource.
All Cloudflare plans can set up mTLS with a Cloudflare-managed certificate authority (CA). Enterprise customers can upload up to five non-Cloudflare CAs. For higher limits, contact your account team.
When using Yubikeys, the browser may prompt for unlocking the key due to a problem in Yubikey’s PKCS#11 library.