MTLS Scratch Pad - chef/chef-server GitHub Wiki

Mutual TLS Support

Chef Infra Server now supports Mutual TLS (mTLS). mTLS adds a layer of security to communication between Chef Infra Client and Chef Infra Server. Previously, the Chef Infra Client validated the Infra Server's certificate for authenticity, but the Infra Server performed no validation of client authenticity. With mTLS enabled and the mTLS client certificate files in place, the Infra Server validates client authenticity. This functionality is particularly useful in endpoint management scenarios where client communication needs to occur over untrusted channels.