mTLS FAQs

mTLS FAQs

Frequently Asked Questions

What is an mTLS Certificate?

The mTLS (Mutual TLS) certificate is used to authenticate to GlobalSign's DSS API. It's a regular x.509 Client Certificate enabled for Client Authentication and serves a second factor in authenticating against our DSS API.

Do I need to pay for mTLS certificate?

No, the mTLS certificate is free of charge. 

How do I create mTLS certificate?

In order to create an mTLS certificate you will need to ensure you have: 

  • Generated API Credentials
  • Created an Identity
  • Subscribe to a Service

To make use of the GlobalSign API’s, an mTLS Certificate is required. The mTLS Certificate (Mutual TLS) is the PEM encoded x509 certificate that has Client Authentication enabled. It is used to authenticate to GlobalSign's API along with your user credentials.

To create an mTLS certificate, follow the steps below.

  1. Log in to your Atlas Account.
  2. Click either “mTLS Certificates” from the sidebar, or “Generate An mTLS Certificate” from the dashboard.
  3. Select one of the options for connecting to the API, depending on your circumstance.

    Via Our Technology Partners: Connecting via technology partner integrations doesn't require an mTLS certificate. To learn more about partner integrations, contact your local sales team.

    Directly via the API: Connecting via the API requires an mTLS certificate for secure access.
  4. Selecting “Continue” under the “Directly via the API” option, will direct you to a page showing all API credentials, created under the account. For further information on API credentials, please see here 
  5. Please then select one or more API credentials to link to the mTLS certificate.
  6. Once you have selected an API credential, the details will populate under the “mTLS Certificate Summary” sidebar on the right.
  7. You may now click “Continue”
  8. The following “Paste a CSR” page will be showing, which is where you need to generate a Certificate Signing Request (CSR) for your mTLS certificate.
  9. In order to create a CSR, please follow the guide here.
  10. Note. The CSR must be at least 2048 RSA key size.
  11. Please then paste your CSR in the box and select “Continue”
  12. You will now have your mTLS certificate.
  13. Please either click “Copy to Clipboard” or simply copy the mTLS certificate, and paste this into a text editor, saving this as a “.cer” file format.
  14. Please then click “Download ICA” which is the issuing CA certificate for your mTLS.

Your certificate should now be ready to use to authenticate into using the GlobalSign API.

Do I need to create a new key pair for the mTLS if I have an existing key from my trial account?

We recommend creating a new key pair when using the production mTLS service, even if you have an existing one from the trial account.

How long are mTLS Certificates valid for?

Newly issued mTLS Certificates are valid for 5 years.

How do I renew my mTLS Certificate?

There's currently no real functionality to "renew" a mTLS certificate. The creation of a new mTLS certificate is sufficient. 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Scan your endpoints to locate all of your Certificates.

Log In / Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.