Magic Mirror uses mutual TLS (mTLS) so that only devices you trust can establish secure connections to your apps.

How It Works

During the first magic-mirror login your CLI:

• authenticates with your Nodelink account,
• generates a private key & certificate signing request locally,
• receives a signed client certificate bound to this device.

The certificate is saved to ~/.magic-mirror/certs. It is presented on every connection attempt, and the server blocks any device whose certificate is missing or revoked.

Managing Devices & Certificates (coming soon)

Review authorised devices in the Security tab of your dashboard. If a laptop is lost or compromised, click Revoke next to its certificate to block future connections instantly.

Rotate a Certificate Manually

To regenerate a certificate for this device:

rm ~/.magic-mirror/certs/client.pem
magic-mirror login