mTLS

Mutual TLS

Mutual TLS (mTLS) is a mode of TLS in which both the client and the server authenticate each other using X.509 certificates, unlike regular TLS, where only the server presents a certificate. It is the foundation of service-to-service authentication in Zero Trust architectures.

⚙️ How Does It Work?

During the TLS handshake, both parties present their certificates, and each validates the other's certificate chain against the Certificate Authorities it trusts. The connection proceeds only if both certificates are valid.

📍 Where Is It Used?

Microservices architectures, service meshes (Istio, Linkerd), API gateways, Zero Trust network access, IoT device authentication.

💡 Real-World Example

A company's microservices mesh uses Istio with mTLS. Every service-to-service call requires both parties to present valid certificates issued by the internal CA. A compromised pod cannot impersonate another service because it cannot forge a valid certificate — lateral movement is blocked.
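The handshake described under "How Does It Work?" and the look-alike certificate that the example above says a compromised pod cannot use, shown end to end in Go using only the standard library. This is an added example, not code from the page or from Istio or Linkerd: the CA name internal-ca, the services orders.svc and billing.svc, and the untrusted issuer rogue-ca are all constructed for the demo, and net.Pipe stands in for the network so that it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// identity is an X.509 certificate with its private key (a CA or a workload).
type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// template builds a certificate template: CAs may sign, leaves may act as TLS server or client.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, t.KeyUsage|x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{cn}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue generates a key and has parent sign tmpl (self-signed when parent is nil); setup errors are fatal.
func issue(tmpl *x509.Certificate, parent *identity) *identity {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent = &identity{tmpl, key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.cert, &key.PublicKey, parent.key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &identity{cert, key}
}

// mtlsCall makes one service-to-service call over an in-memory pipe that stands in for the
// network. Both sides verify the other against trustedCA; it returns the caller the server saw.
func mtlsCall(trustedCA, server, client *identity) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA.cert)
	serverSide, clientSide := net.Pipe()
	go func() {
		tc := tls.Server(serverSide, &tls.Config{
			Certificates: []tls.Certificate{{Certificate: [][]byte{server.cert.Raw}, PrivateKey: server.key}},
			ClientAuth:   tls.RequireAndVerifyClientCert, // the setting that turns TLS into mTLS
			ClientCAs:    pool,
		})
		defer tc.Close()
		if tc.Handshake() == nil { // fails, and alerts the peer, when the client cert does not chain to the CA
			fmt.Fprint(tc, tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
		}
	}()
	tc := tls.Client(clientSide, &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{client.cert.Raw}, PrivateKey: client.key}},
		RootCAs:      pool, // the client verifies the server against the same CA
		ServerName:   server.cert.Subject.CommonName,
	})
	defer tc.Close()
	reply, err := io.ReadAll(tc) // runs the handshake; a client the server cannot verify gets an alert here
	return string(reply), err
}

// runDemo returns the caller the server authenticated and the error a look-alike cert produced.
func runDemo() (peer string, legitErr, rogueErr error) {
	ca := issue(template("internal-ca", 1, true), nil)
	rogueCA := issue(template("rogue-ca", 1, true), nil)
	orders := issue(template("orders.svc", 2, false), ca)
	billing := issue(template("billing.svc", 3, false), ca)
	fake := issue(template("billing.svc", 4, false), rogueCA) // same name, issuer the mesh does not trust
	peer, legitErr = mtlsCall(ca, orders, billing)
	_, rogueErr = mtlsCall(ca, orders, fake)
	return peer, legitErr, rogueErr
}

func main() { fmt.Println(runDemo()) }
```

Run it with go run: it prints billing.svc, a nil error for the legitimate call, and a TLS alert for the look-alike. The rejection happens inside the TLS layer before any application code runs, which is why services in the mesh do not need their own identity checks. Two details are worth knowing when debugging this in practice: under TLS 1.3 the client may only learn of the rejection on its first read rather than during the handshake, and the Go client will not even present a certificate whose issuer is absent from the CA list the server advertises, so the server then fails the handshake for a missing client certificate. The server trusts exactly the CAs in ClientCAs, so the whole scheme rests on protecting the internal CA's signing key.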

🔗 Related Terms

Certificate, Machine Identity, Zero Trust, Service Mesh, TLS