Setting up certificates & Access
  • 07 Jun 2023

For added convenience and security, Darwinium's APIs use Mutual TLS authentication in place of API keys and other tokens.

You can configure the nodes and services that a given certificate has access to in the Administration section of the Darwinium Portal.

Your generated certificate will require rotation
Darwinium's certificate authority (CA) provisions certificates that are valid for 1 year. It is highly recommended that you rotate certificates every 6-9 months as part of your regular maintenance schedule.
Darwinium does not provide an integrated process for monitoring certificate expiration.

Creating a Certificate Signing Request from Scratch

A Certificate Signing Request (CSR) needs to be uploaded to Darwinium. Darwinium's Certificate Authority (CA) then returns a signed certificate whose details are stored for subsequent authentication and communication. The advantage of this process is that your private key never needs to be disclosed to Darwinium. Darwinium supports RSA and ECDSA key pairs. In this guide we will use an RSA-2048 private key and signing request.

In order to generate a Private Key/CSR combination, you will need to be using a machine with openssl installed. This is commonly installed by default in most Linux or Mac OS X distributions.

To generate a CSR, open a terminal and enter:

openssl req -newkey rsa:2048 -keyout privkey.key -out csr_for_darwinium.csr

You will be asked to enter a PEM password (which you should take note of), as well as some details about your CSR, including your company name and org unit. It is important that this information is filled in, as it will enable you to revoke signed certs and perform useful auditing in the future.

Upload your certificate to Darwinium and assign permissions

You will require an account with apis > administrate permissions checked.

  1. Log in to the Darwinium portal and select Admin > API Access
  2. Click "Add Certificate" on the right-hand side of the screen shown
  3. Assuming you created csr_for_darwinium.csr in the previous step, drop this file on the modal window or select it from the file upload dialog
  4. After the certificate has been signed, you will be presented with a modal dialog that will enable you to download the signed certificate and CA chain. It is important that you do this prior to dismissing the dialog, as these details are not stored in Darwinium.

  5. Your cert details should now be visible in the certs list
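
Because Darwinium does not monitor certificate expiration, a scheduled check on your side covers the rotation guidance above. The following is an added example, not Darwinium's own tooling: it maps a certificate's remaining validity onto the 6-9 month rotation window and confirms that a downloaded certificate belongs to your private key. The 180- and 90-day thresholds, the status labels, the function names and the file names in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from Darwinium). Thresholds are assumptions derived from
# the page: certificates are valid for 1 year and should be rotated at 6-9
# months of age, i.e. when roughly 180 to 90 days of validity remain.
ROTATE_SOON_DAYS=180   # about 6 months old on a 1-year certificate
ROTATE_NOW_DAYS=90     # about 9 months old on a 1-year certificate

# Prints one of: ok | rotate-soon | rotate-now | expired | unreadable
cert_rotation_status() {
    cert="$1"
    # Anything openssl cannot parse as an X.509 certificate is reported, not ignored.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((ROTATE_NOW_DAYS * 86400)) >/dev/null 2>&1; then
        echo rotate-now
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((ROTATE_SOON_DAYS * 86400)) >/dev/null 2>&1; then
        echo rotate-soon
    else
        echo ok
    fi
}

# Returns 0 only if the certificate's public key is the one derived from the
# private key. A passphrase-protected key makes openssl prompt for the PEM password.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage (hypothetical file names): sh check_cert.sh signed_cert.pem privkey.key
if [ "$#" -ge 1 ]; then
    cert_rotation_status "$1"
    if [ "$#" -ge 2 ]; then
        if cert_matches_key "$1" "$2"; then echo key-match; else echo key-mismatch; fi
    fi
fi
```

Run the status check from a scheduler and alert on anything other than `ok`, so that a certificate entering the rotation window is noticed well before it expires.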

Managing which nodes a certificate can connect to

Double-clicking on an entry in the certificate management table presents a list of services that the certificate may be used for. These can be updated as needed.
