Cloudflare Docs
Learning Paths
Cloudflare Docs
Application Security (Learning Path)
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)
  1. Learning Paths
  2. Application Security
  3. Default traffic security
  4. Mutual TLS (mTLS)

Mutual TLS (mTLS)

  1 min read

Mutual TLS (mTLS) authentication uses client certificates to ensure traffic between client and server is bidirectionally secure and trusted. mTLS also allows requests that do not authenticate via an identity provider — such as Internet-of-things (IoT) devices — to demonstrate they can reach a given resource.

mTLS sequence diagram

Support includes gRPC-based APIs, which use binary formats such as protocol buffers rather than JSON.

​​ Creating a mTLS rule

  1. Log in to the Cloudflare dashboard and select your account and domain.

  2. Go to SSL/TLS > Client Certificates.

  3. Select Create a mTLS rule.

  4. In Custom rules, several rule parameters have already been filled in. Enter the URI path you want to protect in Value.

  5. (Optional) Add a Hostname field and enter the mTLS-enabled hostnames you wish to protect in Value.

  6. In Choose action, select Block.

  7. Select Deploy to make the rule active.

Once you have deployed your mTLS rule, any requests without a valid client certificate will be blocked.




Previous Next module