Mutual TLS for MCP

Standard TLS authenticates the server to the client — the client verifies the server's certificate against a trusted CA. Mutual TLS (mTLS) adds the reverse: the server also verifies the client's certificate. In MCP deployments, mTLS ensures that only authorized clients can connect to the server. The client presents a certificate during the TLS handshake, and the server validates it against a trusted certificate authority or a pinned certificate list. If the client's certificate is invalid, expired, or not in the trust store, the TLS handshake fails before any MCP messages are exchanged.

Certificate lifecycle management is the operational burden of mTLS. Each client needs a certificate, certificates expire, revoked certificates must be rejected immediately (not at the next expiry). Use short-lived certificates (24-72 hours) with automated renewal to limit the window of exposure if a certificate is compromised. SPIFFE (Secure Production Identity Framework for Everyone) provides a standardized way to issue and rotate short-lived certificates in service-to-service communication. The SPIFFE runtime (spire) runs as a daemon on each node and provides certificates to workloads via a Unix socket.

mTLS and OAuth are complementary, not alternatives. mTLS authenticates the transport layer — proving that the client process is authorized to connect. OAuth authenticates the application layer — proving that the user has granted specific permissions. A production MCP deployment should use both: mTLS ensures only known clients reach the server, and OAuth ensures those clients only access what the user authorized. This is defense in depth applied to authentication.

1. Generate a CA and client certificates Create a private CA for your MCP deployment. Issue client certificates signed by this CA. Store the CA certificate on the server and client certificates on each authorized client. Use a 2048-bit RSA key or P-256 EC key minimum.
2. Configure the MCP server for mTLS Set the TLS configuration to require client certificates (requestCert: true, rejectUnauthorized: true). Provide the CA certificate for validation. Log the client certificate's subject and serial number on each connection for audit.
3. Automate certificate rotation Implement automated certificate renewal before expiry. Use SPIFFE/spire for service-to-service certificates or cert-manager in Kubernetes. Alert when a certificate is within 24 hours of expiry.