Creating a Certificate
To create a certificate for mTLS
authentication with Caf APIs
, follow these steps:
Access Trust
Log in to the Trust portal:
Navigate to the Trust portal and authenticate with your credentials.
Navigate to API Configurations:
From the dashboard, locate the navigation menu.
Click on Settings (gear icon) in the menu.
Select API Configurations from the menu.

Certificate creation process
To create a certificate for mTLS
, you need to generate a Certificate Signing Request (CSR
) and have it signed by the Caf certificate authority:
Uploading your certificate signing request (CSR)
Access certificates section:
On the API configurations page, select the Certificates tab.
This page displays your existing certificates with their status and expiration dates.
Click the + New certificate button in the page header.
Certificates List Upload Certificate Signing Request:
A "New certificate" modal will appear with an upload area for your CSR file.
You can click on the upload area or drag and drop your CSR file.
New Certificate Modal Select your CSR file:
After selecting your CSR file, it will appear in the upload area.
Click the Create certificate button which becomes enabled once a file is uploaded.
CSR File Uploaded Download your certificate:
For advanced users who prefer to generate and keep their private key:
Generate a CSR:
Using OpenSSL or a similar tool, generate a private key and CSR.
Example OpenSSL command:
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out certificate.csr
Upload your CSR:
In the certificate creation dialog, upload your CSR file by either:
Dragging and dropping the file into the designated area, or
Clicking the upload button to browse and select your CSR file.
Click "Create certificate" when ready.
Download your certificate:
When the certificate is successfully generated, you'll see a success modal with a Download certificate button.
Click the button to download your signed certificate (
.crt
file).Combine this certificate with your private key for use with your applications.
Important: Make sure to download your certificate before closing the modal.

Important: Keep your private key secure at all times. If it becomes compromised, you should immediately revoke the certificate and request a new one.
Certificate usage
The certificates issued by Caf are used for production API access. These certificates:
Enable secure mTLS connections to Caf production APIs
Have a defined validity period
Must be renewed before expiration to ensure uninterrupted service
Are subject to verification by the Caf certificate authority
Next steps
After creating your certificate, you'll need to:
Learn how to manage your certificates throughout their lifecycle
Last updated