Overview
mTLS (Mutual TLS) certificates are used to authenticate to GlobalSign's APIs. It's a regular x.509 client certificate enabled for client authentication and serves as a second factor in authenticating against our APIs. The mTLS certificate is free of charge. We recommend creating a new key pair when using the production mTLS service, even if you have an existing one from a trial account.
Create an mTLS Certificate
Prerequisites
In order to create an mTLS certificate, you will need to ensure you have:
- Generated API Credentials
- Created an Identity
- Subscribed to a Service
Create mTLS Certificate
- Log in to your Atlas Account.
- Click Access Credentials on the left nav, and then click mTLS Certificate.
- Click Generate an mTLS Certificate.
- Click Continue under the Directly via the API card.
- The next screen will display all of your API credentials. Choose the one that will be linked to this mTLS certificate and then click Continue.
- On the next screen, paste a CSR into the provided field and then click Continue. This CSR should contain a new public/private key pair. To create a CSR, please refer to this page.
Note: The CSR must be at least 2048 RSA key size. - Your new mTLS certificate will display on the next screen. Copy and paste the certificate into a .txt file and save locally for use as a .cer file.
- If necessary, you can download the Issuing CA on this screen as well.
Your certificate is now ready to be used to authenticate with the GlobalSign APIs.
FAQs
Do I need to create a new key pair for the mTLS certificate if I have an existing key from my trial account?
We recommend creating a new key pair when using the production mTLS service, even if you have an existing one from the trial account.
How long are mTLS certificates valid for?
mTLS certificates are valid for 5 years.
How do I renew my mTLS Certificate?
When your mTLS certificate is about to expire, please generate a new one.