Managing Certificates
After creating certificates for mTLS authentication, you'll need to manage them throughout their lifecycle. This includes viewing, renewing, and revoking certificates as needed.
Viewing your certificates
To view your existing certificates:
Navigate to API Configurations:
Log in to the Trust portal.
From the dashboard, locate the navigation menu.
Click on Settings (gear icon) in the menu.
Select API Configurations from the menu.
Click on the Certificates tab.
Certificate List:
All your certificates will be displayed with their status (Active/Revoked), expiration date, and distinguished name.
You can filter certificates by status as needed.

Certificate lifecycle management
Checking certificate details
Click on a certificate name in the list to view its details:
Issuance date and expiration date (certificates are valid for 365 days)
Certificate fingerprint
Usage statistics
You can download the certificate again if needed. If Caf generated the private key, the key will not be available for download again.
Renewing a certificate
Certificates have a validity period of 365 days and should be renewed before they expire. You can only renew a certificate when it's within 120 days of its expiration date.
Locate the Certificate:
Find the certificate you want to renew in your certificates list.
Certificates eligible for renewal will display a renewal status indicator.
Click the three-dot menu (⋮) next to the certificate.
Renew the Certificate:
Select "Renew certificate" from the dropdown menu.
In the confirmation dialog, review the information about the renewal.
Click "Renew" to confirm and create a new certificate based on the current one.
Download the New Certificate:
When the renewal process completes, you'll see a success modal with a "Download certificate" button.
Download your new certificate immediately.
The new certificate will have a validity period of 365 days from the renewal date.
Update Your Applications:
Implement the new certificate in your applications while keeping the old one active.
Test thoroughly before fully switching to the new certificate.
Revoking a certificate
If a certificate is compromised or no longer needed, you should revoke it immediately:
Locate the Certificate:
Find the certificate in your certificates list.
Click the three-dot menu (⋮) next to the certificate.
Revoke the Certificate:
Select "Revoke certificate" from the dropdown.
In the confirmation dialog, provide a reason for revocation.
Click "Revoke" to confirm.

Once a certificate is revoked, it cannot be reinstated. You'll need to create a new certificate if needed.
Best practices for certificate management
Maintain an inventory of all your certificates with their expiration dates.
Set up reminders for certificate renewals at least 30 days in advance.
Implement certificate rotation procedures in your applications to smoothly transition between certificates.
Limit access to certificate management to authorized personnel only.
Regularly audit certificate usage and revoke unused certificates.
Have a documented process for handling certificate compromise incidents.
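The inventory and reminder practices above can be automated with a small audit script. The following is an added example, not Caf's code: it applies the 120-day renewal window and the 30-day reminder threshold to an inventory you maintain yourself. The field names and sample rows are constructed, and it assumes a renewed certificate keeps the distinguished name of the one it replaces.

```python
from datetime import date

RENEWAL_WINDOW_DAYS = 120  # renewal is possible within 120 days of expiry
REMINDER_DAYS = 30         # remind at least 30 days in advance

# Constructed sample inventory, copied by hand from the Certificates tab.
# Field names and values are hypothetical.
INVENTORY = [
    {"dn": "CN=billing-api", "status": "Active", "expires": date(2025, 3, 1)},
    {"dn": "CN=billing-api", "status": "Active", "expires": date(2026, 1, 10)},
    {"dn": "CN=reports", "status": "Active", "expires": date(2025, 5, 20)},
    {"dn": "CN=webhooks", "status": "Active", "expires": date(2025, 3, 5)},
    {"dn": "CN=legacy", "status": "Revoked", "expires": date(2025, 8, 1)},
    {"dn": "CN=old-partner", "status": "Active", "expires": date(2025, 1, 15)},
]


def classify(cert, today, newest_active):
    """Return the action an operator should take for one inventory row."""
    if cert["status"] == "Revoked":
        return "revoked"  # revocation cannot be undone
    days_left = (cert["expires"] - today).days
    if days_left < 0:
        return "expired"
    # Assumption: a later-expiring Active cert with the same DN is the renewal.
    if cert["expires"] < newest_active.get(cert["dn"], cert["expires"]):
        return "superseded"  # revoke once applications use the new cert
    if days_left <= REMINDER_DAYS:
        return "renew-now"
    if days_left <= RENEWAL_WINDOW_DAYS:  # boundary day counted as eligible
        return "renewable"
    return "ok"


def audit(inventory, today):
    """Classify every row; returns (dn, expiry, action) tuples in input order."""
    newest = {}
    for c in inventory:
        if c["status"] == "Active":
            newest[c["dn"]] = max(newest.get(c["dn"], c["expires"]), c["expires"])
    return [(c["dn"], c["expires"].isoformat(), classify(c, today, newest))
            for c in inventory]


if __name__ == "__main__":
    for row in audit(INVENTORY, date.today()):
        print(*row, sep="\t")
```

Rows marked "superseded" are the old certificates kept active during rotation; they are the ones to revoke once the switch to the renewed certificate has been tested.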
Next steps
Once your certificates are properly managed, learn how to use them with mTLS to secure your API communications with Caf.