mTLS
Mutual TLS (mTLS) requires the client to present a certificate during the TLS handshake, in addition to the server presenting its own. Vegha supports mTLS by letting you attach a TLS client certificate to your requests.
Attaching a client certificate
Section titled “Attaching a client certificate”Select mTLS in the Authorization tab and provide the certificate in one of two formats.
PKCS#12 (.pfx)
Section titled “PKCS#12 (.pfx)”| Field | Description |
|---|---|
| Certificate file | Path to the .pfx / .p12 bundle |
| Passphrase | Password protecting the bundle |
A PKCS#12 file bundles the certificate and its private key together.
PEM (cert + key)
Section titled “PEM (cert + key)”| Field | Description |
|---|---|
| Certificate file | PEM-encoded client certificate |
| Key file | PEM-encoded private key |
| Passphrase | Password for the key, if it is encrypted |
Use PEM when your certificate and key are issued as separate files.
Like other auth methods, mTLS can be configured at the request, folder, or collection level, and children inherit the setting from their parent. See the Authentication overview for the full precedence rules.
In practice, set the client certificate on the collection or folder when every endpoint behind a host requires the same certificate, and override per request only when a specific endpoint needs a different one.
Relationship to proxy & TLS settings
Section titled “Relationship to proxy & TLS settings”mTLS configures the client certificate you present. Other TLS behavior — proxy routing, trusting custom CA certificates, and TLS verification options — is configured separately. See Proxy & TLS.