Mutual TLS (mTLS)
Mutual TLS (mTLS) authentication uses client certificates to ensure traffic between client and server is bidirectionally secure and trusted. mTLS also allows requests that do not authenticate via an identity provider — such as Internet-of-things (IoT) devices — to demonstrate they can reach a given resource.

Support includes gRPC ↗-based APIs, which use binary formats such as protocol buffers rather than JSON.
- Log in to the Cloudflare dashboard ↗, and select your account and domain.
- Go to SSL/TLS > Client Certificates.
- Select Create a mTLS rule.
- In Custom rules, several rule parameters have already been filled in. Enter the URI path you want to protect in Value.
- (Optional) Add a Hostnamefield and enter the mTLS-enabled hostnames you wish to protect in Value.
- In Choose action, select Block.
- Select Deploy to make the rule active.
Once you have deployed your mTLS rule, any requests without a valid client certificate will be blocked.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark