Manage Certificates for Organisation
Obtain server Certificates at an organisation level. Ensure interoperability for authentication, confidentiality, integrity and non-repudiation among Trust Framework Participants.
- Access Token with Write Access and the directory:website scope, if you want to obtain or manage organisation-level certificates using Connect's APIs.
Select Organisation Certificates > New Certificate.
Select the type for your certificate and continue.
- Resource Server Transport: used by servers when securing the mutual Transport Layer Security (mTLS) channel for API communications, ensuring that data exchange between client applications and the server is encrypted and mutually authenticated.
- Server Signing: Utilized to sign message payloads, this certificate guarantees the non-repudiation of server-issued payloads. By employing digital signatures, it ensures the authenticity and integrity of the messages, preventing any dispute over their origin and content.
- Server Encryption: Employed for the encryption of message contents using JSON Web Encryption (JWE RFC7516), ensuring confidentiality of messages sent by Servers.
If you are using Raidiam Connect Sandbox environment, you may sometimes see other types of server-related certificates. Usually, those types will be equivalents of the above certificates but localized and adjusted to the requirements of a given open data ecosystem.
If your organisation is part of such an open data initiative and you see your ecosystem's certificate types on the list, select one of those rather than the generic ones.
Execute the provided command in your terminal to generate a Certificate Signing Request (CSR) and continue.
The CSR is generated in the same directory where you executed the command. Along with the CSR, an additional file is created containing the client's Private Key.
Upload the generated CSR/PEM file, select Continue, and Done.
The uploaded request for a certificate is validated by Connect's Registration Authority. Upon successful validation, the request is passed to the platform's Certificate Authority (CA).
The CA creates the certificate including the organization's public key, subject information, issuer information, validity period, and more. Then, the CA signs the certificate using its private key.
Organisation Certificates can be used by any application or server within the organisation. For instance, multiple applications or servers can share the same organisation-level certificate. Learn more about Certificate Levels.
Select Organisation Certificates.
Select the three dots button under the Actions column next to the newly created certificate and download the certificate.
Add the certificate to your server's configuration to use it for transport, signing, or encryption.
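Before uploading the CSR (and again before installing the downloaded certificate), it is worth confirming that the private key, the CSR and the issued certificate all carry the same public key. The script below is an added example, not the command Connect provides; the subject fields and output file names are placeholders, and a P-256 key is assumed where your ecosystem may require a different key type.

```shell
#!/bin/sh
# Generate a private key and CSR for an organisation certificate, then verify
# that key, CSR and (once downloaded) certificate belong together.
# The subject below is a placeholder: use the values from the command Connect
# shows you, not these.
set -eu

# gen_csr OUTDIR: writes OUTDIR/org.key (private key, never uploaded) and
# OUTDIR/org.csr (the file you upload).
gen_csr() {
  outdir="$1"
  mkdir -p "$outdir"
  openssl ecparam -name prime256v1 -genkey -noout -out "$outdir/org.key"
  chmod 600 "$outdir/org.key"
  openssl req -new -key "$outdir/org.key" -out "$outdir/org.csr" \
    -subj "/C=GB/O=Example Org (placeholder)/CN=example-org.invalid"
}

# pubkey_fingerprint FILE KIND: SHA-256 of the DER public key held in a key,
# CSR or certificate, so the three can be compared regardless of format.
pubkey_fingerprint() {
  case "$2" in
    key)  openssl pkey -in "$1" -pubout -outform DER ;;
    csr)  openssl req  -in "$1" -pubkey -noout | openssl pkey -pubin -outform DER ;;
    cert) openssl x509 -in "$1" -pubkey -noout | openssl pkey -pubin -outform DER ;;
  esac | openssl dgst -sha256 | awk '{print $NF}'
}

# matches KEYFILE OTHERFILE KIND: succeeds when the public keys agree.
matches() {
  [ "$(pubkey_fingerprint "$1" key)" = "$(pubkey_fingerprint "$2" "$3")" ]
}

# check_csr OUTDIR: the CSR's self-signature verifies and it was made with
# the key stored next to it. Run this before uploading.
check_csr() {
  openssl req -in "$1/org.csr" -verify -noout >/dev/null 2>&1 &&
  matches "$1/org.key" "$1/org.csr" csr
}

# check_cert OUTDIR CERTFILE: the certificate returned by the CA parses and
# contains our public key. Run this before adding it to the server config.
check_cert() {
  openssl x509 -in "$2" -noout >/dev/null 2>&1 &&
  matches "$1/org.key" "$2" cert
}
```

A certificate that passes check_cert but was issued for a different key would have been silently rejected by peers at the mTLS handshake, so this catches a mix-up before it reaches production.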
Revoking a certificate is a permanent action.
If you are revoking a server transport certificate, all client applications which check the server's certificate will deny the connection due to the inability to establish a secure connection.
Select Organisation Certificates.
Select the three dots button under the Actions column next to the certificate of your choice.
Select Revoke Certificate.
Provide the reason for the certificate revocation if possible.
Select Revoke.
Once you revoke a certificate, all Organisation Administrators receive an email notification.
Raidiam Connect allows organisations to integrate with the following APIs for Organisation Certificate Management:
- Create Organisation Certificate: you can use tools like OpenSSL or its alternatives to generate a Certificate Signing Request and upload it during the API call.