Using Mutual TLS (mTLS) in Next.js (Server-Side Only)
Using Mutual TLS (mTLS) in Next.js (Server-Side Only) In the previous posts, we covered: Part 1: Making mTLS API requests from Node.js clients Part 2: Enabling mTLS in Node.js servers Now we focus on Next.js applications and how mTLS works depending on deployment. Next.js Cannot Access TLS Handshake Directly Next.js middleware and API routes run after the TLS handshake They cannot see client certificates or verify them Next.js built-in server does not expose Node's HTTPS options like requestCert In short: Next.js middleware cannot enforce mTLS or access TLS handshake details . Any enforcement must happen before the request reaches Next.js. Next.js as an mTLS Client (Server-Side API Calls) Next.js can securely call mTLS-protected APIs from server-side code, such as: API routes Server actions import fs from 'fs'; import https from 'https'; import axios from 'axios'; export async function GET(req) { const...