Posts

Showing posts with the label TLS Certificates

Using Mutual TLS (mTLS) in Next.js (Server-Side Only)

In the previous posts, we covered:

- Part 1: Making mTLS API requests from Node.js clients
- Part 2: Enabling mTLS in Node.js servers

Now we focus on Next.js applications and how mTLS works depending on deployment.

Next.js Cannot Access TLS Handshake Directly

- Next.js middleware and API routes run after the TLS handshake
- They cannot see client certificates or verify them
- Next.js built-in server does not expose Node's HTTPS options like requestCert

In short: Next.js middleware cannot enforce mTLS or access TLS handshake details. Any enforcement must happen before the request reaches Next.js.

Next.js as an mTLS Client (Server-Side API Calls)

Next.js can securely call mTLS-protected APIs from server-side code, such as:

- API routes
- Server actions

    import fs from 'fs';
    import https from 'https';
    import axios from 'axios';
    export async function GET(req) { const...

Enabling Mutual TLS (mTLS) in a Node.js Server

In the previous post, we covered how to call an mTLS-protected API from Node.js. In this guide, we flip the perspective and configure Node.js as the server that requires client certificates.

This setup is common for:

- Internal enterprise APIs
- Service-to-service communication
- Zero-trust architectures
- OpenShift / Kubernetes workloads

By the end of this post, your Node.js server will:

- Accept only TLS connections
- Require valid client certificates
- Reject unauthorized clients automatically
- Expose client identity information to your app

How Mutual TLS Works (Server Perspective)

When mTLS is enabled:

- The client connects over HTTPS
- The server presents its certificate
- The client presents its certificate
- Both sides verify each other against trusted CAs

Node.js can enforce all of this at the TLS layer, before your application code even runs.

Required Certificate Files

A Nod...