Creating a Certificate

To create a certificate for mTLS authentication with Caf APIs, follow these steps:

Access Trust

  1. Log in to the Trust portal:

    • Navigate to the Trust portal and authenticate with your credentials.

  2. Navigate to API Configurations:

    • From the dashboard, locate the navigation menu.

    • Click on Settings (gear icon) in the menu.

    • Select API Configurations from the menu.

API Configurations

Certificate creation process

To create a certificate for mTLS, you need to generate a Certificate Signing Request (CSR) and have it signed by the Caf certificate authority:

Uploading your certificate signing request (CSR)

  1. Access certificates section:

    • On the API configurations page, select the Certificates tab.

    • This page displays your existing certificates with their status and expiration dates.

    • Click the + New certificate button in the page header.

    Certificates List

  2. Upload Certificate Signing Request:

    • A "New certificate" modal will appear with an upload area for your CSR file.

    • You can click on the upload area or drag and drop your CSR file.

    New Certificate Modal

  3. Select your CSR file:

    • After selecting your CSR file, it will appear in the upload area.

    • Click the Create certificate button which becomes enabled once a file is uploaded.

    CSR File Uploaded

  4. Download your certificate:

For advanced users who prefer to generate and keep their private key:

  1. Generate a CSR:

    • Using OpenSSL or a similar tool, generate a private key and CSR.

    • Example OpenSSL command:

    openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out certificate.csr

  2. Upload your CSR:

    • In the certificate creation dialog, upload your CSR file by either:

      • Dragging and dropping the file into the designated area, or

      • Clicking the upload button to browse and select your CSR file.

    • Click "Create certificate" when ready.

  3. Download your certificate:

    • When the certificate is successfully generated, you'll see a success modal with a Download certificate button.

    • Click the button to download your signed certificate (.crt file).

    • Combine this certificate with your private key for use with your applications.

    Important: Make sure to download your certificate before closing the modal.

Certificate Generated

Important: Keep your private key secure at all times. If it becomes compromised, you should immediately revoke the certificate and request a new one.

Certificate usage

The certificates issued by Caf are used for production API access. These certificates:

  • Enable secure mTLS connections to Caf production APIs

  • Have a defined validity period

  • Must be renewed before expiration to ensure uninterrupted service

  • Are subject to verification by the Caf certificate authority

Next steps

After creating your certificate, you'll need to:

  1. Configure your client to use mTLS

  2. Learn how to manage your certificates throughout their lifecycle

Last updated