[GH-ISSUE #1208] [feature request] Client certificate support for TLS authentication #855

New issue

Closed

opened 2026-05-07 00:28:12 +02:00 by BreizhHardware · 3 comments

BreizhHardware commented 2026-05-07 00:28:12 +02:00

Owner

Copy link

Originally created by @lescisin on GitHub (Oct 30, 2024).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1208

Hi there - Thanks for all of the excellent work on this project. Really great stuff - I've only been using it for about a week and already it's been helpful for me. I especially appreciate the simplicity of posting messages - it makes it so easy to integrate into other services.

My suggestion:

I was hoping to use client certificates on my front end proxy for TLS authentication to ntfy. I configured my proxy for this and I'm able to authenticate and then access ntfy via browser - I get prompted for the client cert and all works. (hooray!) However, doing the same on the android app, I get the error below.

I'm thinking that the client Android app does not support client certificates based on this. I am submitting this suggestion in hopes that the feature might be considered as a future enhancement.

Originally created by @lescisin on GitHub (Oct 30, 2024). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1208 Hi there - Thanks for all of the excellent work on this project. Really great stuff - I've only been using it for about a week and already it's been helpful for me. I especially appreciate the simplicity of posting messages - it makes it so easy to integrate into other services. My suggestion: I was hoping to use client certificates on my front end proxy for TLS authentication to ntfy. I configured my proxy for this and I'm able to authenticate and then access ntfy via browser - I get prompted for the client cert and all works. (hooray!) However, doing the same on the android app, I get the error below. I'm thinking that the client Android app does not support client certificates based on this. I am submitting this suggestion in hopes that the feature might be considered as a future enhancement. 

BreizhHardware 2026-05-07 00:28:12 +02:00

• closed this issue
• added the
  enhancement
  label

BreizhHardware commented 2026-05-07 00:28:13 +02:00

Author

Owner

Copy link

@kk7ds commented on GitHub (Dec 26, 2024):

I would really like this as well! I use user cert auth for everything (related to my automation systems) and it's definitely be preferable to be able to do that for ntfy as well instead of having to have a separate scheme.

<!-- gh-comment-id:2562958727 --> @kk7ds commented on GitHub (Dec 26, 2024): I would really like this as well! I use user cert auth for everything (related to my automation systems) and it's definitely be preferable to be able to do that for ntfy as well instead of having to have a separate scheme.

BreizhHardware commented 2026-05-07 00:28:13 +02:00

Author

Owner

Copy link

@hackerd2501 commented on GitHub (Aug 2, 2025):

I would like that as well. Same problem as kk7ds.
I have my homeassistant connected with a cloudflare tunnel where access is secured with a cloudflare generated client certificate. Homeassistant companion asks me for the client certificate at session start.

For server errors I use ntfy. But that works only at home.

I can connect to my local server over the internet by using chrome, which asks me for the client certificate.

The ntfy app cannot connect, it asks me for username and password instead.

<!-- gh-comment-id:3146363624 --> @hackerd2501 commented on GitHub (Aug 2, 2025): I would like that as well. Same problem as kk7ds. I have my homeassistant connected with a cloudflare tunnel where access is secured with a cloudflare generated client certificate. Homeassistant companion asks me for the client certificate at session start. For server errors I use ntfy. But that works only at home. I can connect to my local server over the internet by using chrome, which asks me for the client certificate. The ntfy app cannot connect, it asks me for username and password instead.

BreizhHardware commented 2026-05-07 00:28:13 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Jan 18, 2026):

Duplicate. This was implemented and will be released in 1.22.x (next Android release), see #215, #530, etc.

<!-- gh-comment-id:3764652200 --> @binwiederhier commented on GitHub (Jan 18, 2026): Duplicate. This was implemented and will be released in 1.22.x (next Android release), see #215, #530, etc.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#855

No description provided.