[Feature Request] Support mTLS Client Certificates for SSE MCP Transport

Resolved 💬 2 comments Opened Oct 18, 2025 by st-keller Closed Oct 19, 2025

[Feature Request] Support mTLS Client Certificates for SSE MCP Transport

Description

Claude Code's MCP client does not support mTLS (mutual TLS) client certificates when connecting to SSE-based MCP servers. This prevents secure enterprise deployments where MCP servers require client certificate authentication.

Current Behavior

When adding mTLS certificate paths to ~/.claude.json:

{
  "mcpServers": {
    "introspection": {
      "type": "sse",
      "url": "https://example.com:9080/mcp/sse",
      "cert": "/path/to/client.cert.pem",
      "key": "/path/to/client.key.pem",
      "ca": "/path/to/ca.cert.pem"
    }
  }
}

Result:

  • Certificate fields are silently ignored
  • No connection attempts reach the server
  • claude mcp list reports "Failed to connect"

Verified via:

  • Server logs show zero connection attempts to /mcp/sse endpoint
  • TLS handshake never initiated (no client certificate presented)
  • curl with same certificates successfully connects and completes mTLS handshake

Test Case

# This works (mTLS successful):
curl -v \
  --cert /path/to/client.cert.pem \
  --key /path/to/client.key.pem \
  --cacert /path/to/ca.cert.pem \
  https://example.com:9080/mcp/sse

# This fails (Claude Code ignores cert fields):
claude mcp list
# Output: "introspection: https://example.com:9080/mcp/sse (SSE) - ✗ Failed to connect"

Expected Behavior

Claude Code should:

  1. Read cert, key, and ca fields from MCP server configuration
  2. Use them to establish mTLS connection to SSE endpoints
  3. Present client certificate during TLS handshake
  4. Validate server certificate against provided CA

Use Case

Enterprise Platform Introspection MCP Server:

  • Internal platform with mTLS-only API access (zero-trust architecture)
  • MCP server provides AI tools access to platform state via 4 tools:
  • get_world_state() - Complete platform state
  • query_entities() - Query specific entities
  • get_entity(id) - Retrieve entity details
  • list_component_types() - Discover available components
  • Security requirement: Client certificate authentication for all API access (ADR-029: Certificate Authority Manager)
  • Current blocker: Cannot use Claude Code for AI-assisted platform development

Workarounds Considered

  1. Header-based auth: Issue #7290 shows headers are ignored for SSE transport
  2. Self-signed cert bypass: Issue #2899 mentions NODE_TLS_REJECT_UNAUTHORIZED=0 (unacceptable security risk)
  3. ⚠️ HTTP transport: Unclear if mTLS is supported; documentation doesn't mention certificate options
  4. Reverse proxy with cert injection: Not possible with mutual TLS (client must present cert)

Environment

  • Claude Code Version: 2.0.22
  • OS: macOS 15.6.1 (24G90)
  • MCP Transport: SSE
  • Server: Custom Rust-based MCP server using rmcp 0.8.1
  • TLS: Enterprise PKI with internal Root CA
  • MCP Endpoint: HTTPS with mTLS required

Related Issues

  • #2899: Local MCP server will not trust self-signed certs
  • #7290: HTTP/SSE MCP Transport Ignores Authentication Headers
  • #381: MCP SSE Support?

Proposed Solution

Add TLS configuration support to SSE MCP client similar to Node.js https.request options:

interface SSEMcpServerConfig {
  type: 'sse';
  url: string;
  // Add these fields:
  cert?: string;  // Path to client certificate (PEM format)
  key?: string;   // Path to private key (PEM format)
  ca?: string;    // Path to CA certificate (PEM format)
  rejectUnauthorized?: boolean; // Default: true (for self-signed cert scenarios)
}

Implementation references:

``rust
reqwest::Client::builder()
.identity(reqwest::Identity::from_pem(&[cert_pem, key_pem].concat())?)
.add_root_certificate(reqwest::Certificate::from_pem(&ca_cert)?)
.build()?
``

Additional Context

This feature would enable:

  • ✅ Secure enterprise MCP server deployments (zero-trust networks)
  • ✅ Compliance with corporate security policies requiring mTLS
  • ✅ AI-assisted development in secure/regulated environments
  • ✅ Internal platform tooling with proper authentication
  • ✅ Defense-in-depth security architecture (TLS + mTLS + application-level auth)

Configuration Example

Once implemented, users could configure mTLS like this:

# Add MCP server with mTLS
claude mcp add --transport sse \
  --cert /path/to/client.cert.pem \
  --key /path/to/client.key.pem \
  --ca /path/to/ca.cert.pem \
  introspection https://example.com:9080/mcp/sse

# Or manually in ~/.claude.json:
{
  "mcpServers": {
    "introspection": {
      "type": "sse",
      "url": "https://example.com:9080/mcp/sse",
      "cert": "/Users/user/certs/client.cert.pem",
      "key": "/Users/user/certs/client.key.pem",
      "ca": "/Users/user/certs/ca.cert.pem"
    }
  }
}

---

Priority: This blocks enterprise adoption of Claude Code for internal platform development. Without mTLS support, we cannot integrate Claude Code with our secure internal tooling.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗