Next.js Discord

Discord Forum

How to setup HTTPS mutual TLS? do I need to use httpsAgent on both Nextjs server-side? and nodejs?

Unanswered
Indian oil sardine posted this in #help-forum
Open in Discord
Indian oil sardineOP
Here is my code in nextjs:
    axiosInstance.interceptors.request.use(
        request => {
            // console.log('tfffffff request: ' + request);

            const httpsAgent = new https.Agent({
                rejectUnauthorized: false,
                keepAlive: true,
                ca: fs.readFileSync("./Utils/axios/ca.crt"),
                cert: fs.readFileSync("./Utils/axios/cert.crt"),
                key: fs.readFileSync("./Utils/axios/key.pem"),
            })

            request.httpsAgent = httpsAgent

            // Edit request config
            return request;
        },
        // error => {
        // console.log('tfffffff error: ' + error);
        // return Promise.reject(error);
        // }
    );

3 Replies

@Indian oil sardine Here is my code in nextjs: axiosInstance.interceptors.request.use( request => { // console.log('tfffffff request: ' + request); const httpsAgent = new https.Agent({ rejectUnauthorized: false, keepAlive: true, ca: fs.readFileSync("./Utils/axios/ca.crt"), cert: fs.readFileSync("./Utils/axios/cert.crt"), key: fs.readFileSync("./Utils/axios/key.pem"), }) request.httpsAgent = httpsAgent // Edit request config return request; }, // error => { // console.log('tfffffff error: ' + error); // return Promise.reject(error); // } );
Chinese Alligator
yes, but only on the client side of the TLS connection.
For mutual TLS, you configure the HTTPS agent only on the side making the request (your Next.js server when calling a backend). The server (Node.js API) must be configured separately to require and verify client certificates.
A few important notes (gently but honestly 🙂):
-You do not need httpsAgent on both sides for the same request — only the caller uses it.
-Your Node.js backend must be started with requestCert: true and a trusted ca so it can validate the client cert.
-Avoid rejectUnauthorized: false in real setups — that disables security and defeats mTLS.
-In Next.js, this code is correct only for server-side requests (API routes / server actions). It will not work in the browser.
Your setup is basically right — just make sure the server is enforcing client cert verification, otherwise it’s one-way TLS, not mutual.
@Indian oil sardine Here is my code in nextjs: axiosInstance.interceptors.request.use( request => { // console.log('tfffffff request: ' + request); const httpsAgent = new https.Agent({ rejectUnauthorized: false, keepAlive: true, ca: fs.readFileSync("./Utils/axios/ca.crt"), cert: fs.readFileSync("./Utils/axios/cert.crt"), key: fs.readFileSync("./Utils/axios/key.pem"), }) request.httpsAgent = httpsAgent // Edit request config return request; }, // error => { // console.log('tfffffff error: ' + error); // return Promise.reject(error); // } );
B33fb0n3
maybe I didn't understood your question correctly, but when you want to run your nextjs app with https, then just do this:
next dev --experimental-https

It will auto generate all certs and stuff, so you can acess it. If you need custom certificates, you can do the following:
next dev --experimental-https --experimental-https-key ./certificates/localhost-key.pem --experimental-https-cert ./certificates/localhost.pem

Btw: axios is outdated: https://www.adios-axios.com/