Setting up certificates & Access
For added convenience and security, Darwinium's APIs use Mutual TLS authentication in place of API keys and other tokens.
You can configure the nodes and services that a given certificate has access to in the Administration section of the Darwinium Portal.
Darwinium does not provide an integrated process for monitoring certificate expiration.
Creating a Certificate Signing Request from Scratch
A Certificate Signing Request (CSR) needs to be uploaded to Darwinium. Darwinium's Certificate Authority (CA) then returns a signed certificate whose details are stored for subsequent authentication and communication. The advantage of this process is that your private key never needs to be disclosed to Darwinium. Darwinium supports RSA and ECDSA key pairs. In this guide we will use an RSA-2048 private key and signing request.
To generate a private key/CSR pair, you need a machine with openssl installed. It is commonly installed by default in most Linux or Mac OS X distributions.
To generate a CSR, open a terminal and enter:
openssl req -newkey rsa:2048 -keyout privkey.key -out csr_for_darwinium.csr
You will be asked to enter a PEM password (which you should take note of), as well as some details about your CSR, including your company name and org unit. It is important that this information is filled in, as it will enable you to revoke signed certs and perform useful auditing in the future.
Upload your certificate to Darwinium and assign permissions
You will require an account with apis > administrate permissions checked.
- Log in to the Darwinium portal and select Admin > API Access
- Click "Add Certificate" on the right-hand side of the screen shown
- Assuming you created csr_for_darwinium.csr in the previous step, drop this file on the modal window or select it from the file upload dialog
- After the certificate has been signed, you will be presented with a modal dialog that will enable you to download the signed certificate and CA chain. It is important that you do this prior to dismissing the dialog, as these details are not stored in Darwinium.
- Your cert details should now be visible in the certs list
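The shell functions below are an added example, not part of Darwinium's documentation: they check the CSR before upload, confirm that the downloaded certificate belongs to your private key, and test how long the certificate remains valid, since expiry is not monitored for you. The file names `privkey.key` and `csr_for_darwinium.csr` come from this guide; the function names, the `KEY_PASS` environment variable, the `signed_cert.pem` file name and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example (not Darwinium's tooling). Function names and KEY_PASS are assumptions.
# If KEY_PASS is exported, openssl reads the PEM password from it; otherwise it prompts.

# Print the public key (PEM) held in a private key, CSR or certificate.
pubkey_of() {   # $1 = key|csr|cert   $2 = file
    case "$1" in
        key)  openssl pkey -in "$2" ${KEY_PASS:+-passin env:KEY_PASS} -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# Succeed only if both files carry the same public key.
same_pubkey() {   # $1 $2 = kind, file   $3 $4 = kind, file
    a=$(pubkey_of "$1" "$2") && b=$(pubkey_of "$3" "$4") &&
        [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed if the CSR's self-signature verifies. The message is matched because
# some openssl releases exit 0 even when verification fails.
csr_signature_ok() {   # $1 = CSR
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Print the CSR subject so the company name and org unit can be reviewed.
csr_subject() {   # $1 = CSR
    openssl req -in "$1" -noout -subject
}

# Succeed if the certificate is still valid $2 days from now.
cert_valid_for() {   # $1 = certificate   $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage with the guide's file names (signed_cert.pem is an assumed download name):
#   csr_signature_ok csr_for_darwinium.csr && csr_subject csr_for_darwinium.csr
#   same_pubkey key privkey.key csr csr_for_darwinium.csr     # before upload
#   same_pubkey key privkey.key cert signed_cert.pem          # after download
#   cert_valid_for signed_cert.pem 30 || echo "renew soon"    # e.g. from cron
```

Running `cert_valid_for` on a schedule gives an early warning before the certificate lapses and API calls start failing the TLS handshake.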
Managing which nodes a certificate can connect to
Double-clicking on an entry in the certificate management table presents a list of services that the certificate may be used for. These can be updated as needed.