How to use mutual TLS with micronaut?

[abvaidya]

I am a Micronaut newbie trying to understand the framework. I want to implement mtls, couldn't find existing security mechanisms which can do that, so wrote a simple filter to check for client certificate.

@Filter("/hello/**")
public class MTLSFilter implements HttpServerFilter {

    private static final Logger LOG = LoggerFactory.getLogger(MTLSFilter.class);
    private final AuthService authService;

    public MTLSFilter(AuthService authService) {
        this.authService = authService;
    }
    @Override
    public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request, ServerFilterChain chain) {
        LOG.info("inside doFilter of MTLSFilter");
        return authService.authenticate(request)
                .switchMap(aBoolean -> chain.proceed(request));
    }
}

Corresponding code from AuthService

Flowable<Boolean> authenticate(HttpRequest<?> httpRequest){
        return Flowable.fromCallable(() -> {
            LOG.info("inside AuthService");
            Certificate cert = httpRequest.getCertificate().isPresent() ?
                    httpRequest.getCertificate().get() : null;
            if (cert == null) {
                LOG.error("no certificate found in the request");
                return false;
            }
            LOG.info("setting {} as principal in request", ((X509Certificate)cert).getSubjectX500Principal().getName());
            httpRequest.setAttribute("micronaut-demo.principal", ((X509Certificate)cert).getSubjectX500Principal().getName());
            return true;
        });
    }

And I am making a request using curl

curl --cert <mycert> --key <mykey> -k https://localhost:8443/hello

But I dont see certificate in the request, and code always end with cert == null condition.

micronautVersion=2.4.1

micronaut-cli.yml

applicationType: default
defaultPackage: mn-examples
testFramework: junit
sourceLanguage: java
buildTool: gradle
features: [ annotation-api, app-name, gradle, graphql, h2, http-client, java, java-application, junit, logback, lombok, netty-server, readme, security, security-annotations, shade, testcontainers, yaml ]

What am I missing here?

TIA.