mcp-secure-remote
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-secure-remoteconnect to https://mcp.mycompany.com/mcp with client cert"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-secure-remote
A stdio ↔ remote bridge for the Model Context Protocol with first-class mTLS (mutual TLS) client-certificate authentication.
Works with any MCP-capable AI agent or IDE — Claude Desktop, Claude Code, Cursor, Windsurf, Cline, Continue, Zed, VS Code MCP extensions, and any custom client that speaks the MCP stdio transport.
Contents
Related MCP server: Streamable HTTP Bridge
What it does
mcp-secure-remote spawns as a local stdio MCP server and forwards every
JSON-RPC message to a remote MCP server over HTTPS. Every outbound request
carries a client certificate you supply, so the remote server sees a
cryptographically authenticated connection — no OAuth dance, no bearer
tokens on the wire, no shared API keys.
┌──────────────┐ stdio ┌────────────────────┐ HTTPS + mTLS ┌───────────────┐
│ MCP client │───────────▶│ mcp-secure-remote │─────────────────▶│ Remote MCP │
│ (Claude, │ │ (this proxy) │ │ server │
│ Cursor, …) │◀───────────│ │◀─────────────────│ │
└──────────────┘ └────────────────────┘ └───────────────┘How it works
AI agent launches
mcp-secure-remoteas a local subprocess and talks to it over stdio (the transport every MCP client already supports).Proxy builds an undici HTTPS dispatcher seeded with your client cert, private key, and trusted CA bundle.
Proxy opens either a Streamable HTTP or SSE transport to the remote server (configurable). TLS handshake presents the client cert; server validates it before forwarding the MCP session.
JSON-RPC frames flow bidirectionally. All proxy logging goes to stderr so the stdio channel stays clean.
Prerequisites
Node.js ≥ 18 (for built-in
fetch,undici, and native TLS features).A client certificate + private key issued by a CA the remote MCP server trusts (or a PKCS#12 bundle containing both).
The CA bundle used by the remote server, if it is not in your OS trust store (private/corporate CAs almost always need this).
The remote MCP server URL (typically
https://host/mcporhttps://host/sse).
Install
# global
npm install -g mcp-secure-remote
# or ephemeral (recommended for agent configs)
npx mcp-secure-remote <server-url> [options]Generate or obtain client certificates
If your team already issues client certs, skip this section. For local testing, generate a throw-away CA + client cert pair with OpenSSL:
# CA
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
-keyout ca.key -out ca.crt -subj "/CN=dev-ca"
# client key + CSR
openssl req -newkey rsa:4096 -nodes \
-keyout client.key -out client.csr -subj "/CN=dev-client"
# sign client cert with CA
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
-out client.crt -days 365 -sha256Configure the remote MCP server to require client certs signed by ca.crt.
Point the proxy at client.crt + client.key + the server's CA bundle.
Quick start
Cert + key pair:
npx mcp-secure-remote https://mcp.example.com/mcp \
--tls-cert ./certs/client.crt \
--tls-key ./certs/client.key \
--tls-ca ./certs/ca-bundle.pemPKCS#12 bundle:
npx mcp-secure-remote https://mcp.example.com/mcp \
--tls-pfx ./certs/client.p12 \
--tls-passphrase "$P12_PASSPHRASE" \
--tls-ca ./certs/ca-bundle.pemForce SSE transport + pin minimum TLS:
npx mcp-secure-remote https://mcp.example.com/sse \
--transport sse-only \
--tls-min-version TLSv1.3 \
--tls-cert ./certs/client.crt \
--tls-key ./certs/client.key \
--tls-ca ./certs/ca-bundle.pemCLI parameters
Usage: mcp-secure-remote <server-url> [options]
<server-url> is a positional argument (required). Everything else is a
named flag.
General
Flag | Type | Default | Description |
| string (URL) | — | Required. Remote MCP endpoint. Must be |
| string (repeatable) | — | Extra HTTP header on every outbound request. Repeat the flag for multiple headers. |
| enum |
| Transport negotiation. One of |
| boolean |
| Permit plain |
| boolean |
| Verbose logging to stderr (parsed args, per-message trace, transport selection). |
| boolean | — | Print usage and exit. |
mTLS / TLS
Flag | Type | Default | Description |
| path | — | PEM client certificate (leaf, optionally followed by chain intermediates). |
| path | — | PEM private key matching |
| path | — | PEM CA bundle used to verify the remote server. Required for private CAs not in the OS trust store. |
| path | — | PKCS#12 ( |
| string | — | Passphrase protecting the private key or PFX bundle. Prefer the env var to keep secrets off the command line. |
| string | URL hostname | SNI override. Use when the server cert's SAN differs from the URL host (e.g. IP literal, internal DNS). |
| enum | Node default | Minimum TLS version: |
| boolean |
| Disable server certificate validation. Dev only. Proxy prints a warning when enabled. |
Parameter rules
--tls-certand--tls-keymust appear together.--tls-pfxcannot combine with--tls-cert/--tls-key.--allow-httpis required for anyhttp://URL. Supplying mTLS flags withhttp://triggers a warning (cert is not sent over plain HTTP).Unknown
--flagscause parse failure with exit code 2.Argument errors exit with code 2; runtime errors exit with code 1.
Environment variables
Every TLS flag has an env-var fallback so secrets can stay out of shell history and MCP client configs.
Variable | Equivalent flag | Values |
|
| path |
|
| path |
|
| path |
|
| path |
|
| string |
|
| string |
|
|
|
|
|
|
Precedence: explicit CLI flag overrides env var.
AI agent / IDE integration
Every agent below launches the proxy as a local stdio MCP server. Pattern is identical — only the config file format differs. Use absolute paths; agents do not inherit your shell's working directory.
Claude Desktop
File: ~/Library/Application Support/Claude/claude_desktop_config.json
(macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows).
{
"mcpServers": {
"example": {
"command": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
]
}
}
}Restart Claude Desktop after editing.
Claude Code (CLI)
Add a server via the claude mcp add command or edit
~/.claude.json / project .mcp.json:
claude mcp add example npx -- mcp-secure-remote \
https://mcp.example.com/mcp \
--tls-cert /absolute/path/client.crt \
--tls-key /absolute/path/client.key \
--tls-ca /absolute/path/ca-bundle.pemOr in .mcp.json:
{
"mcpServers": {
"example": {
"command": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
]
}
}
}Cursor
File: ~/.cursor/mcp.json (global) or .cursor/mcp.json (per project).
{
"mcpServers": {
"example": {
"command": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
],
"env": {
"MCP_REMOTE_TLS_PASSPHRASE": "…optional…"
}
}
}
}Windsurf
File: ~/.codeium/windsurf/mcp_config.json.
{
"mcpServers": {
"example": {
"command": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
]
}
}
}Cline (VS Code)
Cline reads cline_mcp_settings.json from its extension storage. Open
the Cline MCP panel → "Configure MCP Servers" or edit the file directly:
{
"mcpServers": {
"example": {
"command": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
],
"disabled": false,
"autoApprove": []
}
}
}Continue (VS Code / JetBrains)
File: ~/.continue/config.json (or config.yaml).
{
"experimental": {
"modelContextProtocolServers": [
{
"transport": {
"type": "stdio",
"command": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
]
}
}
]
}
}Zed
File: ~/.config/zed/settings.json.
{
"context_servers": {
"example": {
"command": {
"path": "npx",
"args": [
"mcp-secure-remote",
"https://mcp.example.com/mcp",
"--tls-cert", "/absolute/path/client.crt",
"--tls-key", "/absolute/path/client.key",
"--tls-ca", "/absolute/path/ca-bundle.pem"
]
}
}
}
}Generic MCP client
Any client that spawns stdio MCP servers works. Required pieces:
command:npx(or absolute path tonode+dist/proxy.js).args:["mcp-secure-remote", "<server-url>", …flags].Optional
envblock forMCP_REMOTE_TLS_*variables to keep secrets out of the args array.
Testing your setup
Bundled mcp-secure-remote-client verifies the TLS handshake and enumerates the
server's capabilities — no real agent needed:
npx mcp-secure-remote-client https://mcp.example.com/mcp \
--tls-cert ./certs/client.crt \
--tls-key ./certs/client.key \
--tls-ca ./certs/ca-bundle.pemOutput: negotiated capabilities + lists of tools, resources, prompts.
Add --debug for per-message tracing.
Security notes
HTTPS only by default.
http://URLs are refused unless--allow-httpis explicitly set. Proxy additionally warns when mTLS flags are combined withhttp://because the client cert will not be sent.Skip-verify prints a warning.
--tls-insecure-skip-verifydisables server certificate validation; intended for local dev loops only.Prefer env vars for passphrases. Anything on the CLI may leak into process listings, shell history, or agent logs.
Proxy logs to stderr. stdout is reserved for the MCP JSON-RPC stream.
No credential persistence. Proxy does not write certs, keys, or tokens to disk.
Pin TLS 1.3 (
--tls-min-version TLSv1.3) when the server supports it, to avoid downgrade-prone 1.2 cipher suites.
Troubleshooting
self signed certificate in certificate chain / unable to verify the first certificate
Point --tls-ca at the PEM bundle that signed the remote server's cert.
OS trust store alone is not enough for private CAs.
Hostname/IP does not match certificate's altnames
Set --tls-servername to the SAN the server cert presents.
error:0909006C:PEM routines:get_name:no start line
Private key file malformed or encrypted. If encrypted, supply
--tls-passphrase (or MCP_REMOTE_TLS_PASSPHRASE).
ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE / alert bad certificate
Server rejected your client cert. Check:
Cert signed by a CA the server trusts.
Key matches cert:
openssl x509 -noout -modulus -in client.crt | openssl md5vs.openssl rsa -noout -modulus -in client.key | openssl md5.Intermediate chain present in
--tls-cert.
Agent shows "failed to start server" with no detail. Run the exact same command in a terminal to see stderr. Agents hide subprocess stderr by default.
Remote transport hangs.
Try --transport sse-only or --transport http-only to isolate which
transport the server actually implements. Add --debug.
already started error in mcp-secure-remote-client.
Upgrade — prior versions double-started the transport. Fixed in current
release.
Development
npm install
npm run typecheck
npm run buildBuild artifacts land in dist/. dist/proxy.js and dist/client.js are
the two bin entrypoints.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/framedparadox/mcp-secure-remote'
If you have feedback or need assistance with the MCP directory API, please join our Discord server