> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withsutro.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Mutual TLS (mTLS)

> Understanding how mTLS works in Sutro's authentication system

TLS (formerly SSL) is the standard protocol for verifying a **server's** identity and encrypting communication.\
In traditional TLS:

* The **server** sends its certificate.
* The **client** verifies it against a trusted Certificate Authority (CA).
* The client then trusts that the server is genuine.

**mTLS extends this by requiring both sides to present certificates.**

With mTLS:

* The **client** sends its own certificate, signed by a trusted CA.
* The **server** verifies this certificate and checks that the client controls the private key associated with it.

This provides strong, cryptographic proof that the request is coming from a trusted system.

## Why mTLS?

Servers that can call our APIs operate with high privilege.\
mTLS ensures that:

* Only systems you explicitly trust can connect to us.
* Each client environment can have its own certificate, improving auditability.
* Private keys stay entirely under your control; we never see them.

This approach supports a **Zero Trust Architecture (ZTA)**, where no system is implicitly trusted and every request must be identified, authenticated, and authorized.
