Posts

Showing posts with the label Mutual TLS

Using Mutual TLS (mTLS) in Next.js (Server-Side Only)

In the previous posts, we covered:

- Part 1: Making mTLS API requests from Node.js clients
- Part 2: Enabling mTLS in Node.js servers

Now we focus on Next.js applications and how mTLS works depending on deployment.

Next.js Cannot Access TLS Handshake Directly

- Next.js middleware and API routes run after the TLS handshake
- They cannot see client certificates or verify them
- Next.js built-in server does not expose Node's HTTPS options like requestCert

In short: Next.js middleware cannot enforce mTLS or access TLS handshake details. Any enforcement must happen before the request reaches Next.js.

Next.js as an mTLS Client (Server-Side API Calls)

Next.js can securely call mTLS-protected APIs from server-side code, such as:

- API routes
- Server actions

    import fs from 'fs';
    import https from 'https';
    import axios from 'axios';

    export async function GET(req) {
      const...

Enabling Mutual TLS (mTLS) in a Node.js Server

In the previous post, we covered how to call an mTLS-protected API from Node.js. In this guide, we flip the perspective and configure Node.js as the server that requires client certificates.

This setup is common for:

- Internal enterprise APIs
- Service-to-service communication
- Zero-trust architectures
- OpenShift / Kubernetes workloads

By the end of this post, your Node.js server will:

- Accept only TLS connections
- Require valid client certificates
- Reject unauthorized clients automatically
- Expose client identity information to your app

How Mutual TLS Works (Server Perspective)

When mTLS is enabled:

- The client connects over HTTPS
- The server presents its certificate
- The client presents its certificate
- Both sides verify each other against trusted CAs

Node.js can enforce all of this at the TLS layer, before your application code even runs.

Required Certificate Files

A Nod...

Making Mutual SSL (mTLS) API Requests in Node.js

Mutual TLS (mTLS) is a common security requirement in enterprise environments. Unlike regular HTTPS (where only the server is authenticated), mTLS requires both the client and the server to authenticate each other using certificates.

This guide focuses on using Node.js as a client to call an API protected by mutual TLS. It also covers a very common real-world problem:

- Your Ops or Security team gives you a .jks file
- JKS is designed for Java / Spring Boot
- Node.js needs .key, .crt, and .pem files instead

We’ll walk through converting the JKS file and using it in Node.js step by step.

What Files Does Node.js Need for Mutual TLS?

To make an mTLS request from Node.js, you typically need:

- client.key – your private key
- client.crt – your client certificate
- ca.pem – the Certificate Authority (CA) chain to trust the server

These are passed to Node’s HTTPS agent.

Step 1: Convert JKS to PKCS12 (...