Configure a Reverse Proxy to Support mTLS

JFrog Artifactory Documentation

From Artifactory release 7.38.4, you can also authenticate users using mTLS. This requires a reverse proxy and some configuration on the front reverse proxy (Nginx).

Reverse Proxy for Cloud Customers

To configure a reverse proxy to support mTLS in the Cloud, you will need to contact JFrog Support to set this up for you.

The mTLS flow with a reverse proxy configured to support it:

  1. The client sends a request to the JFrog Platform.

  2. If the request includes a client certificate:

    1. The JFrog Platform will authenticate the client certificate using the configured trusted certificates and verify that the certificate has not been revoked. If the client certificate is authenticated successfully, the procedure will continue; otherwise it is blocked.

    2. The JFrog Platform will then try to extract the user identity from the client certificate.

      If the user identity was extracted successfully, the procedure will continue; otherwise it will fall back to relying on additional user authentication information (e.g., basic credentials, bearer token).

      Note

      If the JFrog Platform is configured to require client certificates, then the request will be blocked; otherwise it will continue with the existing authorization mechanisms without mTLS.
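The Nginx side of the flow above, as an added sketch that is not taken from the JFrog documentation: it covers the trusted-certificate check, the revocation check, and the choice between optional and required client certificates. The host names, file paths, upstream address and the forwarding header name are placeholders assumed for illustration.

```nginx
# Added example. Hosts, paths, upstream and header name are placeholders,
# not values from the JFrog documentation.
server {
    listen 443 ssl;
    server_name artifactory.example.com;                  # placeholder host

    ssl_certificate     /etc/nginx/tls/server.crt;        # placeholder paths
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Trust anchors for client certificates (the "configured trusted
    # certificates" of step 2.1). Only chains ending here verify.
    ssl_client_certificate /etc/nginx/tls/client-ca.pem;
    ssl_verify_depth 2;

    # Revocation check: a certificate listed in this CRL fails verification.
    # The file must contain a CRL for every CA in the client chain.
    ssl_crl /etc/nginx/tls/client-ca.crl;

    # "optional": a request without a certificate is passed on, so the
    # upstream can fall back to basic credentials or a bearer token.
    # A certificate that is presented but fails verification is rejected
    # by Nginx with a 400 response.
    # Use "on" instead to reject requests that carry no certificate at all.
    ssl_verify_client optional;

    location / {
        # proxy_set_header replaces any header of the same name sent by the
        # client, so a caller cannot inject its own certificate value.
        # When no certificate was presented the variable is empty and
        # Nginx drops the header entirely.
        proxy_set_header X-Client-Cert-Placeholder $ssl_client_escaped_cert;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        proxy_pass http://artifactory.internal.example:8082;  # placeholder upstream
    }
}
```

The upstream should accept the forwarded certificate header only from the proxy's address, since anything that can reach the upstream directly could otherwise set it.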