Set up mTLS

JFrog Hosting Models Documentation

Content Type
User Guide


  • To minimize the security risk, remember to exchange the CAs in a secured channel.

  • There is currently no support for CA revocation.

  1. Create an X509 CA in PEM format using open SSL or other methods.

  2. Share the CA with JFrog Support through a secured channel. You will need to communicate to JFrog the depth of the CA (sets the verification depth in the CA chain); the default is 2.


    The depth is the the maximum number of intermediate certificate issuers, i.e., the maximum number of CA certificates that are allowed to be followed by the server while verifying the CA.

  3. Test the connection using curl/open ssl/browser.


    curl -v -u user:password "" --cert example-cli.crt --key example-cli.key