Advertisement
mTLS adds client certificate to the standard TLS flow. Each side proves identity.
What you're seeing
Standard TLS verifies the server. mTLS verifies both: the server's CertificateRequest message asks the client for its certificate. Client sends Certificate + CertificateVerify (signed challenge proving private-key possession).
Common in zero-trust internal networking. Service identity is the cert SAN. No bearer tokens needed — every request is authenticated at the TLS layer.
★ KEY TAKEAWAY
mTLS adds client certificate verification on top of TLS. Both sides prove identity. Used in zero-trust internal service mesh.
▶ WHAT TO TRY
- Click Run to step through the handshake.
- The CertificateRequest in step 2 is what makes this mutual (vs regular TLS).