mTLS FAQs

May 19, 2023

Frequently Asked Questions

What is an mTLS Certificate?

The mTLS (Mutual TLS) certificate is used to authenticate to GlobalSign's DSS API. It's a regular X.509 Client Certificate enabled for Client Authentication and serves as a second factor in authenticating against our DSS API.

Do I need to pay for an mTLS certificate?

No, the mTLS certificate is free of charge. 

How do I create an mTLS certificate?

In order to create an mTLS Certificate, you will need to ensure you have: 

  • Generated API Credentials
  • Created an Identity
  • Subscribed to a Service

To make use of the GlobalSign APIs, an mTLS Certificate is required. The mTLS (Mutual TLS) Certificate is a PEM-encoded X.509 certificate that has Client Authentication enabled. It is used to authenticate to GlobalSign's API along with your user credentials.

To create an mTLS certificate, follow the steps below.

  1. Log into your Atlas Account.
  2. On the Access Credentials page, click mTLS Certificates.
  3. Then click the "Generate an mTLS Certificate" button.
  4. Select one of the options for connecting to the API, depending on your circumstances.

    Via Our Technology Partners: Connecting via technology partner integrations doesn't require an mTLS certificate. To learn more about partner integrations, contact your local sales team.

    Directly via the API: Connecting via the API requires an mTLS certificate for secure access.
  5. Selecting “Continue” under the “Directly via the API” option will direct you to a page showing all API credentials created under the account. For further information on API credentials, please see here
  6. Please then select one or more API credentials to link to the mTLS certificate.
  7. Once you have selected an API credential, the details will populate under the “mTLS Certificate Summary” sidebar on the right.
  8. You may now click “Continue”.
  9. The following “Paste a CSR” page will be shown, which is where you need to generate a Certificate Signing Request (CSR) for your mTLS certificate.
  10. In order to create a CSR, please follow the guide here.
  11. Note: The CSR must use an RSA key of at least 2048 bits.
  12. Please then paste your CSR in the box and select “Continue”.
  13. You will now have your mTLS certificate.
  14. Please either click “Copy to Clipboard” or simply copy the mTLS certificate, paste it into a text editor, and save it as a “.cer” file.
  15. Please then click “Download ICA”, which is the issuing CA certificate for your mTLS.

Your certificate should now be ready to be used to authenticate using the GlobalSign API.
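The CSR steps above (9 to 12) and a final check on the saved certificate, as an added example that is not GlobalSign's own tooling: it generates a new RSA key and CSR with OpenSSL, rejects a CSR below the 2048-bit minimum before you paste it, and confirms that the saved ".cer" file matches your private key. The file names and the subject CN are placeholders chosen for illustration.

```bash
# Added example; file names and the subject CN are placeholders (assumptions).

# Generate a new RSA private key (owner-readable only) and a PEM CSR for it.
# usage: make_csr <key-out> <csr-out> <common-name> [bits]
make_csr() {
  local key=$1 csr=$2 cn=$3 bits=${4:-2048}
  ( umask 077; openssl genrsa -out "$key" "$bits" 2>/dev/null ) || return 1
  openssl req -new -key "$key" -subj "/CN=$cn" -out "$csr"
}

# Print the public-key size (in bits) carried by a CSR.
csr_key_bits() {
  openssl req -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Pre-submission check: intact self-signature, RSA key, at least 2048 bits.
check_csr() {
  local csr=$1 text bits
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "CSR self-signature does not verify" >&2; return 1; }
  text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1
  printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
    { echo "CSR key is not RSA" >&2; return 1; }
  bits=$(csr_key_bits "$csr")
  [ "${bits:-0}" -ge 2048 ] ||
    { echo "RSA key is ${bits:-?} bits; at least 2048 required" >&2; return 1; }
}

# Post-issuance check: the saved certificate carries the public key that
# belongs to the private key you generated (compares the two PEM public keys).
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Typical use (placeholder names):
#   make_csr mtls.key mtls.csr "atlas-api-client" 2048
#   check_csr mtls.csr && cat mtls.csr      # paste this into "Paste a CSR"
#   cert_matches_key mtls.cer mtls.key && echo "certificate matches key"
```

The private key never leaves your machine; only the CSR is pasted into the portal.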

Do I need to create a new key pair for the mTLS if I have an existing key from my trial account?

We recommend creating a new key pair when using the production mTLS service, even if you have an existing one from the trial account.

How long are mTLS Certificates valid for?

Newly issued mTLS Certificates are valid for 5 years.

How do I renew my mTLS Certificate?

There's currently no real functionality to "renew" an mTLS certificate. The creation of a new mTLS certificate is sufficient.
