TLS client certificate and key configuration in built-in fetch (2-way TLS)

[alinayebi9080]

Summary

The built-in fetch provided by Next.js (when used in server components or API routes) currently lacks support for configuring client TLS options, such as cert, key, and ca for mutual TLS (2-way TLS) authentication.

This limitation prevents secure communication with external services that require 2-way TLS, which is common in enterprise APIs or private services.
I'd like the ability to pass custom HTTPS agent options to fetch, such as:

fetch('https://secure-api.com/data', {
  agent: new https.Agent({
    cert: fs.readFileSync('client-cert.pem'),
    key: fs.readFileSync('client-key.pem'),
    ca: fs.readFileSync('ca-cert.pem'),
    rejectUnauthorized: true,
  })
});

### Additional information

_No response_

### Example

_No response_

[baljir0901]

Great point — this is currently a known limitation with fetch in Next.js (and Node.js 18+ in general when using undici).

🤔 Why doesn’t it work?

The built-in fetch() from Next.js uses undici under the hood and doesn’t expose the ability to set a custom HTTPS agent — so you can’t pass cert, key, or ca for mutual TLS (mTLS).

---

✅ Workaround (until native support)

Use Node.js's https.request() or a library like axios that supports custom agents:

Option 1: axios (recommended for simplicity)

import axios from "axios";
import https from "https";
import fs from "fs";

const agent = new https.Agent({
  cert: fs.readFileSync("client-cert.pem"),
  key: fs.readFileSync("client-key.pem"),
  ca: fs.readFileSync("ca-cert.pem"),
  rejectUnauthorized: true,
});

const res = await axios.get("https://secure-api.com/data", {
  httpsAgent: agent,
});
Option 2: Node's https directly
ts
Copy
Edit
import https from "https";
import fs from "fs";

const options = {
  hostname: "secure-api.com",
  port: 443,
  path: "/data",
  method: "GET",
  cert: fs.readFileSync("client-cert.pem"),
  key: fs.readFileSync("client-key.pem"),
  ca: fs.readFileSync("ca-cert.pem"),
  rejectUnauthorized: true,
};

const req = https.request(options, (res) => {
  let data = "";
  res.on("data", (chunk) => (data += chunk));
  res.on("end", () => console.log("Response:", data));
});
req.end();