How to implement mutual SSL authentication in a Phoenix app?

Has anyone successfully implemented mutual SSL authentication in a Phoenix app, and could you tell me how to do it or point me to resources about it?

When sending the request via curl with both the --cert and --key options provided, I’m still getting ssl_cert: nil from Plug.Conn.get_peer_data(conn).

A client won’t send a client certificate unless the server asks, even when you pass those options. You need to configure your server to request a client certificate during the TLS handshake.

I assume you are terminating TLS on the Phoenix application itself using an https Endpoint configuration. In that case you need to add verify: :verify_peer, cacertfile: "path/to/client_cert_issuer_ca.pem" alongside the server’s certificate and key configurations.

You may also want to set fail_if_no_peer_cert: true if you want the TLS handshake to be aborted if the client did not present any certificate. By default this option is false, and the application needs to handle that by checking with Plug.Conn.get_peer_data/1.
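The configuration described in the answer above, as an added example that is not part of the original posts, together with a plug that handles the case where fail_if_no_peer_cert is left at false. The app name :my_app, the module names, the port and the file paths are assumptions.

```elixir
# config/runtime.exs (hypothetical app name and paths)
import Config

config :my_app, MyAppWeb.Endpoint,
  https: [
    port: 4443,
    certfile: "priv/cert/server.pem",
    keyfile: "priv/cert/server_key.pem",
    # CA that issued the client certificates; used to verify them.
    cacertfile: "priv/cert/client_cert_issuer_ca.pem",
    # Ask the client for a certificate and verify the chain it sends.
    verify: :verify_peer,
    # Abort the handshake when no certificate is presented.
    # With false (the default) the handshake succeeds and the
    # application must check the peer data itself, as the plug below does.
    fail_if_no_peer_cert: true
  ]

# lib/my_app_web/plugs/require_client_cert.ex (hypothetical module)
defmodule MyAppWeb.Plugs.RequireClientCert do
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    case get_peer_data(conn) do
      # ssl_cert holds the DER-encoded client certificate when one was sent.
      %{ssl_cert: der} when is_binary(der) ->
        fingerprint = :crypto.hash(:sha256, der) |> Base.encode16(case: :lower)
        assign(conn, :client_cert_sha256, fingerprint)

      # No certificate: only reachable when fail_if_no_peer_cert is false
      # or the request arrived over plain HTTP.
      _ ->
        conn
        |> send_resp(401, "client certificate required")
        |> halt()
    end
  end
end
```

The plug can be added to a router pipeline with `plug MyAppWeb.Plugs.RequireClientCert`; the SHA-256 fingerprint it assigns is convenient for logging or for matching a certificate against an allow-list.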