Manage Certificates for Application
- Obtain certificates for an application at the Applications level.
- Utilize transport certificates for TLS handshakes with other organisations' servers.
- Authenticate client applications using the OAuth mTLS-based or the OAuth private_key_jwt client authentication methods.
- Encrypt messages.

Prerequisites

- Users access to the platform.
- An access token (R/W) with the directory:website scope (see Get an Access Token), if you want to obtain or manage organisation level certificates using Connect's APIs.

Obtain Client Certificate

1. Select Applications and an application of your choice.
2. Select App Certificates > New Certificate.
3. Select the certificate type and continue:
   - Transport: essential for securing the mTLS channel for API communications from the client side. It assures that the exchange between the server and client applications is encrypted and mutually authenticated.
   - Signing: this certificate serves two primary functions. It enables secure application authentication using the OAuth private_key_jwt client authentication method, thus verifying the client's identity. Additionally, it allows for the signing of message payloads, ensuring the non-repudiation of client-issued payloads.
   - Encryption: employed for the encryption of message contents using JSON Web Encryption (JWE, RFC 7516), ensuring confidentiality of messages sent by clients.

   If you are using the Raidiam Connect sandbox environment, you may sometimes see other types of client-related certificates. Usually, those types are equivalents of the above certificates, localized and adjusted to the requirements of a given open data ecosystem. If your organisation is part of such an open data initiative and you see your ecosystem's certificate types on the list, select from those rather than the generic ones.
4. Execute the provided command in your terminal to generate a Certificate Signing Request (CSR) and continue. The CSR is generated in the same directory where you executed the command. Along with the CSR, an additional file is created containing the client's public and private keys.
5. Upload the generated CSR/PEM file, select Continue, and then Done.

The uploaded request for a certificate is validated by Connect's Public Key Infrastructure. Upon successful validation, the request is passed to the platform's Public Key Infrastructure (CA). The CA creates the certificate, including the organization's public key, subject information, issuer information, validity period, and more. Then, the CA signs the certificate using its private key.

Download Client Certificate

1. Select Applications and an application of your choice.
2. Select App Certificates.
3. Select the three dots button under the Actions column next to the certificate and download the certificate.
4. Add the certificate to your client's configuration to use it for transport, signing, or encryption.

Revoke Certificates

Revoking a certificate is a permanent action. If you revoke a client transport certificate, all servers that check the client's certificate will deny the connection because a secure connection can no longer be established.

1. Select Applications and an application of your choice.
2. Select App Certificates.
3. Select the three dots button under the Actions column next to the certificate and select Revoke Certificate.
4. Provide the reason for the certificate revocation, if possible.
5. Select Revoke.

Manage Client Certificates Using APIs

Raidiam Connect allows organisations to integrate with the following APIs for client certificate management:

- Create Application Certificate. You can utilize tools like OpenSSL or its alternatives to generate a CSR and upload it during the API call.
- Get All Certificates for Application
- Get Application Certificate of Given Type
- Revoke Application Certificate
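
The CSR generation step in "Obtain Client Certificate" and the OpenSSL note under "Create Application Certificate" both produce a CSR and a key file that must belong together. The following is an added example, not the command Connect displays or any Raidiam code: it generates the pair with OpenSSL and checks it locally before upload. The function names, the RSA 2048 key size and the subject values are assumptions.

```shell
#!/bin/sh
# Added example, not the platform's own command. Key size and subject values
# are assumptions; use the ones from the command Connect displays.

# make_csr BASENAME SUBJECT -> writes BASENAME.key (private key) and BASENAME.csr
make_csr() {
  (
    umask 077  # keep the private key readable by its owner only
    # -nodes leaves the key unencrypted on disk; restrict access to it
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$1.key" -out "$1.csr" -subj "$2"
  )
}

# check_csr CSR KEY -> 0 if the CSR is self-consistent and belongs to KEY,
# 1 if its self-signature does not verify, 2 if it was made with another key
check_csr() {
  # The CSR is signed with the private key, which proves possession of it.
  # Match on the message text because exit codes differ between OpenSSL versions.
  openssl req -in "$1" -noout -verify 2>&1 | grep -qi 'verify ok' || {
    echo "CSR self-signature does not verify: $1" >&2
    return 1
  }
  # Compare the public key embedded in the CSR with the one derived from KEY.
  csr_pub=$(openssl req -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] || {
    echo "CSR public key does not match private key: $2" >&2
    return 2
  }
}

# Usage (constructed subject):
#   make_csr transport "/C=GB/O=Example Org/CN=example-client"
#   check_csr transport.csr transport.key && echo "ready to upload transport.csr"
```

Only the CSR is uploaded; the key file stays on the client, which needs it later together with the downloaded certificate.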