[Feature Request] Support mTLS Client Certificates for SSE MCP Transport
[Feature Request] Support mTLS Client Certificates for SSE MCP Transport
Description
Claude Code's MCP client does not support mTLS (mutual TLS) client certificates when connecting to SSE-based MCP servers. This prevents secure enterprise deployments where MCP servers require client certificate authentication.
Current Behavior
When adding mTLS certificate paths to ~/.claude.json:
{
"mcpServers": {
"introspection": {
"type": "sse",
"url": "https://example.com:9080/mcp/sse",
"cert": "/path/to/client.cert.pem",
"key": "/path/to/client.key.pem",
"ca": "/path/to/ca.cert.pem"
}
}
}
Result:
- Certificate fields are silently ignored
- No connection attempts reach the server
claude mcp listreports "Failed to connect"
Verified via:
- Server logs show zero connection attempts to
/mcp/sseendpoint - TLS handshake never initiated (no client certificate presented)
curlwith same certificates successfully connects and completes mTLS handshake
Test Case
# This works (mTLS successful):
curl -v \
--cert /path/to/client.cert.pem \
--key /path/to/client.key.pem \
--cacert /path/to/ca.cert.pem \
https://example.com:9080/mcp/sse
# This fails (Claude Code ignores cert fields):
claude mcp list
# Output: "introspection: https://example.com:9080/mcp/sse (SSE) - ✗ Failed to connect"
Expected Behavior
Claude Code should:
- Read
cert,key, andcafields from MCP server configuration - Use them to establish mTLS connection to SSE endpoints
- Present client certificate during TLS handshake
- Validate server certificate against provided CA
Use Case
Enterprise Platform Introspection MCP Server:
- Internal platform with mTLS-only API access (zero-trust architecture)
- MCP server provides AI tools access to platform state via 4 tools:
get_world_state()- Complete platform statequery_entities()- Query specific entitiesget_entity(id)- Retrieve entity detailslist_component_types()- Discover available components- Security requirement: Client certificate authentication for all API access (ADR-029: Certificate Authority Manager)
- Current blocker: Cannot use Claude Code for AI-assisted platform development
Workarounds Considered
- ❌ Header-based auth: Issue #7290 shows headers are ignored for SSE transport
- ❌ Self-signed cert bypass: Issue #2899 mentions
NODE_TLS_REJECT_UNAUTHORIZED=0(unacceptable security risk) - ⚠️ HTTP transport: Unclear if mTLS is supported; documentation doesn't mention certificate options
- ❌ Reverse proxy with cert injection: Not possible with mutual TLS (client must present cert)
Environment
- Claude Code Version: 2.0.22
- OS: macOS 15.6.1 (24G90)
- MCP Transport: SSE
- Server: Custom Rust-based MCP server using rmcp 0.8.1
- TLS: Enterprise PKI with internal Root CA
- MCP Endpoint: HTTPS with mTLS required
Related Issues
- #2899: Local MCP server will not trust self-signed certs
- #7290: HTTP/SSE MCP Transport Ignores Authentication Headers
- #381: MCP SSE Support?
Proposed Solution
Add TLS configuration support to SSE MCP client similar to Node.js https.request options:
interface SSEMcpServerConfig {
type: 'sse';
url: string;
// Add these fields:
cert?: string; // Path to client certificate (PEM format)
key?: string; // Path to private key (PEM format)
ca?: string; // Path to CA certificate (PEM format)
rejectUnauthorized?: boolean; // Default: true (for self-signed cert scenarios)
}
Implementation references:
- Node.js
tls.connect()options: https://nodejs.org/api/tls.html#tlsconnectoptions-callback - Similar support in
reqwest(Rust HTTP client):
``rust``
reqwest::Client::builder()
.identity(reqwest::Identity::from_pem(&[cert_pem, key_pem].concat())?)
.add_root_certificate(reqwest::Certificate::from_pem(&ca_cert)?)
.build()?
Additional Context
This feature would enable:
- ✅ Secure enterprise MCP server deployments (zero-trust networks)
- ✅ Compliance with corporate security policies requiring mTLS
- ✅ AI-assisted development in secure/regulated environments
- ✅ Internal platform tooling with proper authentication
- ✅ Defense-in-depth security architecture (TLS + mTLS + application-level auth)
Configuration Example
Once implemented, users could configure mTLS like this:
# Add MCP server with mTLS
claude mcp add --transport sse \
--cert /path/to/client.cert.pem \
--key /path/to/client.key.pem \
--ca /path/to/ca.cert.pem \
introspection https://example.com:9080/mcp/sse
# Or manually in ~/.claude.json:
{
"mcpServers": {
"introspection": {
"type": "sse",
"url": "https://example.com:9080/mcp/sse",
"cert": "/Users/user/certs/client.cert.pem",
"key": "/Users/user/certs/client.key.pem",
"ca": "/Users/user/certs/ca.cert.pem"
}
}
}
---
Priority: This blocks enterprise adoption of Claude Code for internal platform development. Without mTLS support, we cannot integrate Claude Code with our secure internal tooling.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗