How to Obtain GlobalSign RESTful API Account Credentials

How to Obtain GlobalSign RESTful API Account Credentials

Introduction

This article will walk you through the process of obtaining GlobalSign RESTful API Account CredentialsIf this is not the solution you are looking for, please search for the solution in the search bar above.

Guidelines

To access your GlobalSign RESTful API Account, you need to generate an RSA key pair. This key pair will be used for two purposes:

  1. GlobalSign will encrypt the API Account Credentials using this public key and send them to you. You will need to use your private key to decrypt them.
  2. GlobalSign will supply you with an mTLS access Certificate based on your public key. You will need to use this Certificate to access our APIs, along with the encrypted credentials.
     

Generate a Key Pair

There are various methods for generating keys. For the purposes of this example, we used OpenSSL.

  1. To generate the private key, run the following script:
    openssl genrsa -des3 -out /PATH/TO/privatekey.pem 2048 
  2. To generate the public key using the private key, run the following script:
    openssl rsa -in /PATH/TO/privatekey.pem -outform PEM -pubout
    -out
     /PATH/TO/publickey.pem 

This option generates the private key in an encrypted file using a user-supplied passcode, which is recommended for most purposes. Depending on how you are connecting to the API (e.g. curl/related libraries, Postman, etc) you may need the private key in unencrypted form. 

Note: In the event you need the key in unencrypted form, you can omit the -des3 from the command above.

You're obligated to protect this private key as this would permit a third party to decrypt your credentials and to also access your mTLS Certificate. You will need to supply the contents of the publickey.pem file to GlobalSign during the enrollment for obtaining process for obtaining RESTful API Account Credentials. It has the format of:
  

-----BEGIN PUBLIC KEY-----
MIICIjANBfkqhkiG9w0BAQBFAAOCAg8AMIICCgKCAgEAyNWb1c14iT994U+zC0PSH7nMaA7nwPswAxxnMSCYYo1sGDjR3WvILiXjpCfIkv9PFNhhJ9MOj/AUqSoWKgzVjSMsvGMyAHdvZfMF3GLRR05tPA/B8ZZDr0npTP/hP4mFwHCE2Xg+VMpNfn3qUr9xZBUtmKrvKoaQoSDbvoZMRiOvs4+wL+yMqWTVsAipiDC0kMKMWiI4RKrqn91euK4ZxrZUtFtzEX8so+3U9rK/oBX0UW7Zdjp5u3yqGEP84WyGV9qjQqcdh2JAhmBPPSv7mES9ZApr/4AcLRyZbsMiD7Ihh0+IE6xxfPEaVRRXoa38hA+Bssl2cNLx+CoN5IJ5qRazPilU+meDWJqf+0QBe2pu0Xdtg29AlVcszjPAoSTNvJseMKjzGkca/dtOoSe3KxZWQnIjLEGo9+4I/nj7+2JkqFxTMKmMNjVXpR2BTo9m16pncjFDmhFmRm7YEwf23ig1pVFou7bpi5+YnYDI+qHbeWgqhS106Fq+vRBOfBsIHWl3gbcS7zTQTW4ykcK5FSmfhGzUyNb457T8aDKFhH+lgs9VwFfiNUpSzPAVbovA1lNFh0LICRbE9fmVlxrr8HEGRx2jnjZq8nvRlxvwbO5pcafHaGHMd4CznSzOv3t71D4k++JiPAl0MLy67u9crGARZYbI4zSCsFkh//7DIdcCAwEAAQ==
-----END PUBLIC KEY-----


Note: Since you will receive an mTLS Certificate with this public key to authenticate to the API Server, remember to generate the key using the tools and system that can be used by your client API application.

 

Decrypt the RESTful API Credentials

GlobalSign will return your RESTful API login credentials in an encrypted file, which you must decrypt in order to receive the API Key and Secret. If using OpenSSL, follow these steps:

  1. GlobalSign will email a file named something like:
    “3321a629df57bfb-CompanyName.enc”
  2. Save the file on your computer.
  3. Run the following command. Note that the privatekey.pem is the private key generated as part of the key generation process discussed above. If you protected your private key with a passcode, you will be prompted for it during this process step.
    openssl rsautl -decrypt -oaep -inkey /PATH/TO/privatekey.pem -in /PATH/TO/ENCRYPTEDFILE.ENC -out /PATH/TO/FILETOCREATE
  4. The FILETOCREATE element contains the decrpted API Key and Secret to access the GlobalSign RESTful API. Store them in a safe location. The format of this 2-line file is:
    key: key_value 
    secret: secret_value

Install mTLS Certificate

GlobalSign will issue an mTLS Certificate to you based on the public key you supplied above. You will need to configure your API client to use it when authenticating to the API Service. This Certificate is issued directly from the Root Certificate listed below. 

 

The Root is:

-----BEGIN CERTIFICATE-----
MIIDPTCCAiWgAwIBAgIOSPWzWpSc6qMALB8hBXcwDQYJKoZIhvcNAQELBQAwODET MBEGA1UEChMKR2xvYmFsU2lnbjEhMB8GA1UEAxMYR2xvYmFsU2lnbiBtVExTIElu ZnJhIENBMB4XDTE3MDExMTAwMDAwMFoXDTI3MDExMTAwMDAwMFowODETMBEGA1UE ChMKR2xvYmFsU2lnbjEhMB8GA1UEAxMYR2xvYmFsU2lnbiBtVExTIEluZnJhIENB MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd425W5eqDn1TE1SHI9/ 6FCKD4Ez5tZKCeZnMpB0M6X3zJWPiZO4DmDz4+xjxEW5RUx6YRIqIns3WmiAtUQS bfIrqAnWxFY6JxtP7ZPOIxiJet5fn2zosTia7i1KLFBjNvrn0cQD3XuXItYEcEjg NVegU4S7IGoyuplVdBdV4gYY8r6bvkLDADX5OhuwzPR2bF7CwvVexurYUv8ud3Jp D/ZbRacMZMPNiAXHtBnDMctBNNCH637Fes3+I+SBD6KER7cJ2FW6U+kRM9rgqnmD cQyU+YhHNyqGBui3x8N6VY41VytJE21/OQZ4tVe8dapvTdlgph8Ir/xO9mxf+erg bQIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHQ4EFgQUPdjQC3ELYB+Pkm3rNp/aUevy5VYwDQYJKoZIhvcNAQELBQADggEB AFJK39DMul2m1x+qVCicR7uMFAgRjg0EFtNMkys2u/1bMcfNfBA+5WNURgmDbdhN lHVRZ5byC31q1S/pnjzAFQz9jOORPcHueKlnRFFbJCQNcnasm3JDwB7tcqrnnnm6 nBaEXn+sLYMIwXF80P73wqu/uXUtOuCNS7//iT6KblPMNIRRg+t+naZlr2JogOJR iGx2UPZE6NwYb0MWa0AgtksC5aY3PpSFUFSUbV/PiUz2LxaASvmf6mlzROPXmxM3 VZWgOPdkAaem2LWNiiqYDYGAjvQ//xtMOBuwLYSEh+d9q+lt+lu78LFJ5XOD5j+Q
9CwEI+nC2JJCRlSankJezbg=
-----END CERTIFICATE-----

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Please click the button below to log in or sign up.

Log In - Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.