Manage Certificates for Organisation
Obtain server certificates at an organisation level. Ensure interoperability for authentication, confidentiality, integrity and non-repudiation among trust framework participants.

Prerequisites

- User access to the platform.
- Get an access token (R/W) with the directory:website scope if you want to obtain or manage organisation-level certificates using Connect's APIs.

Obtain Server Certificate

1. Select Organisation Certificates > New Certificate.
2. Select the type for your certificate and continue:
   - Resource Server Transport: used by servers when securing the mutual Transport Layer Security (mTLS) channel for API communications, ensuring that data exchange between client applications and the server is encrypted and mutually authenticated.
   - Server Signing: used to sign message payloads. This certificate guarantees the non-repudiation of server-issued payloads. By employing digital signatures, it ensures the authenticity and integrity of the messages, preventing any dispute over their origin and content.
   - Server Encryption: used to encrypt message contents using JSON Web Encryption (JWE, RFC 7516), ensuring confidentiality of messages sent by servers.

   If you are using the Raidiam Connect sandbox environment, you may sometimes see other types of server-related certificates. Usually, those types are equivalents of the above certificates, localized and adjusted to the requirements of a given open data ecosystem. If your organisation is part of such an open data initiative and you see your ecosystem's certificate types on the list, select from those rather than the generic ones.
3. Execute the provided command in your terminal to generate a certificate signing request (CSR) and continue. The CSR is generated in the same directory where you executed the command. Along with the CSR, an additional file is created containing the client's public and private keys.
4. Upload the generated CSR/PEM file, select Continue, and Done.

The uploaded request for a certificate is validated by Connect's public key infrastructure. Upon successful validation, the request is passed to the platform's public key infrastructure (CA). The CA creates the certificate, including the organisation's public key, subject information, issuer information, validity period, and more. Then the CA signs the certificate using its private key.

Organisation certificates can be used by any application or server within the organisation. For instance, multiple applications or servers can share the same organisation-level certificate.

Learn more about certificates.

Download Server Certificate

1. Select Organisation Certificates.
2. Select the three dots button under the Actions column next to the newly created certificate and download the certificate.
3. Add the certificate to your server's configuration to use it for transport, signing, or encryption.

Revoke Certificates

Revoking a certificate is a permanent action. If you are revoking a server transport certificate, all client applications that check the server's certificate will deny the connection because a secure connection cannot be established.

1. Select Organisation Certificates.
2. Select the three dots button under the Actions column next to the certificate of your choice.
3. Select Revoke Certificate.
4. Provide the reason for the certificate revocation, if possible.
5. Select Revoke.

Once you revoke a certificate, all users receive an email notification.

Manage Certificates Using APIs

Raidiam Connect allows organisations to integrate with the following APIs for organisation certificate management:

- Create organisation certificate. You can use tools like OpenSSL or its alternatives to generate a certificate signing request (CSR) and upload it during the API call.
- Get all organisation certificates.
- Get all organisation certificates of a given type.
- Get organisation certificate by certificate key or key ID.
- Revoke organisation certificate.
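
The CSR generation mentioned for the Create organisation certificate API, with a check to run before upload. This is an added example using OpenSSL, not the command the platform provides and not Raidiam's own code. The function names make_csr and check_csr are hypothetical and the subject values are constructed placeholders; use the subject the platform shows for your organisation.

```shell
#!/bin/sh
# Added example: generate a key pair and CSR locally with OpenSSL, then
# confirm the CSR is well-formed and bound to the key you will deploy.
# Subject values below are constructed placeholders.

# make_csr <name> <subject>
# Writes <name>.key (private key) and <name>.csr in the current directory.
make_csr() {
    name=$1
    subject=$2
    (
        umask 077    # private key file is readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$name.key" -out "$name.csr" \
            -subj "$subject" 2>/dev/null
    )
}

# check_csr <name>
# Succeeds only if the CSR's self-signature verifies and the public key
# inside the CSR matches the private key file next to it.
check_csr() {
    name=$1
    openssl req -in "$name.csr" -noout -verify >/dev/null 2>&1 || return 1
    csr_pub=$(openssl req -in "$name.csr" -noout -pubkey | openssl sha256) || return 1
    key_pub=$(openssl pkey -in "$name.key" -pubout | openssl sha256) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Usage (constructed subject):
#   make_csr server "/C=GB/O=Example Org/CN=server.example.org"
#   check_csr server && echo "CSR matches key, ready to upload"
```

Only the .csr file is uploaded; the .key file stays on the server that will use the issued certificate.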