Menu

How to Manually Obtain GlobalSign Atlas API Credentials

May 7, 2025

Introduction

This article will walk you through the process of manually obtaining GlobalSign Atlas API credentials for using the GlobalSign Atlas APIs. This article is available for non-Atlas portal customers.

If you have a GlobalSign Atlas portal account, you can manage your API credentials directly in the portal. Please refer to this support article for more information. 

To receive your GlobalSign Atlas API credentials manually outside of the portal, you need to generate an RSA key pair. This key pair will be used for two purposes:

  1. GlobalSign will encrypt the API account credentials using your public key and send them to you. You will need to use your private key to decrypt them.
  2. GlobalSign will supply you with an mTLS access certificate based on your public key. You will need to use this certificate to access our APIs, along with the encrypted credentials.
     

Generate a Key Pair

There are various methods for generating public/private keys. For the purposes of this example, we used OpenSSL. Whatever method you use, ensure your software is up to date and to the latest version.

  1. To generate the private key, run the following script:
    openssl genrsa -aes256 -out /PATH/TO/privatekey.pem 2048 
  2. To generate the public key using the private key, run the following script:
    openssl rsa -in /PATH/TO/privatekey.pem -outform PEM -pubout -out /PATH/TO/publickey.pem 

This option generates the private key in an encrypted file using a user-supplied passcode, which is recommended for most purposes. Depending on how you are connecting to the APIs (e.g. curl/related libraries, Postman, etc.) you may need the private key in unencrypted form. 

Note: In the event you need the key in unencrypted form, you can omit the -aes256 from the command above.

You're obligated to protect this private key as this would permit a third party to decrypt your credentials and access your mTLS certificate.

Once complete, supply the contents of the publickey.pem file to GlobalSign during the account enrollment process for obtaining your Atlas API credentials. The file should have the format of:

-----BEGIN PUBLIC KEY-----
MIICIjANB....
-----END PUBLIC KEY----- 

Note: Since you will receive an mTLS certificate with this public key to authenticate to the API Server, remember to generate the key using the tools and system that can be used by your client API application.

Decrypt the API Credentials

GlobalSign will return your Atlas API credentials in an encrypted file, which you must decrypt in order to receive the API Key and Secret. If using OpenSSL, follow these steps:

  1. GlobalSign will email a file named something like:
    “account-09A9A9A9A9A954FT1T1T1T10-cred-000b1c3e71ad7z5-globalsign.enc”
  2. Save the file on your computer.

  3. Run the following command. Note that the privatekey.pem is the private key generated as part of the key generation process discussed above. If you protected your private key with a passcode, you will be prompted for it during this step.
    openssl pkeyutl -inkey </PATH/TO/PRIVATE_KEY.PEM> -in </PATH/TO/ENCRYPTEDFILE.ENC> -out </PATH/TO/FILETOCREATE.txt> -decrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256

  4. The FILETOCREATE.txt element will contain your Key and Secret. The format of this 2-line file is:
    key: key_value
    secret: secret_value

    The API key also forms part of the encrypted file name after the word ‘cred-‘. For example:
    account-09A9A9A9A9A954FT1T1T1T10-cred-000b1c3e71ad7z5-globalsign.enc

Install mTLS Certificate

GlobalSign will issue you an mTLS certificate based on the public key you supplied above. You will need to configure your API client to use it when authenticating to Atlas. This certificate is issued from the intermediate and root certificates listed below:

GlobalSign Atlas API mTLS CA 2023

GlobalSign Atlas API mTLS CA 2023
Expires: August 15, 2033

View in Base64

GlobalSign Infrastructure Authentication CA

GlobalSign Infrastructure Authentication CA 
Expires: August 6, 2041 

View in Base64

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support