How to Obtain GlobalSign Atlas Account Credentials

Introduction

This article will walk you through the process of obtaining GlobalSign Atlas account credentials for using Atlas APIs. This article is also relevant for non-Atlas Portal customers.
If you are using the recently launched Atlas Portal to manage your Digital Signing Service (DSS) Account, then please refer to the articles found here.

To access your GlobalSign Atlas account, you need to generate an RSA key pair. This key pair will be used for two purposes:

  1. GlobalSign will encrypt the API account credentials using this public key and send them to you. You will need to use your private key to decrypt them.
  2. GlobalSign will supply you with an mTLS access Certificate based on your public key. You will need to use this Certificate to access our APIs, along with the encrypted credentials.
     

Generate a Key Pair

There are various methods for generating public/private keys. For the purposes of this example, we used OpenSSL.

Note: You are required to use OpenSSL version 1.1.1.

  1. To generate the private key, run the following command:
    openssl genrsa -des3 -out /PATH/TO/privatekey.pem 2048
  2. To generate the public key from the private key, run the following command:
    openssl rsa -in /PATH/TO/privatekey.pem -outform PEM -pubout -out /PATH/TO/publickey.pem

The -des3 option writes the private key to an encrypted file protected by a user-supplied passcode, which is recommended for most purposes. Depending on how you are connecting to the API (e.g. curl/related libraries, Postman, etc.), you may need the private key in unencrypted form.

Note: In the event you need the key in unencrypted form, you can omit the -des3 from the command above.

You are obligated to protect this private key, as its disclosure would permit a third party to decrypt your credentials and access your mTLS Certificate.

You will need to supply the contents of the publickey.pem file to GlobalSign during the account enrollment process for obtaining your Atlas account credentials. It has the format of:

-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY----- 

Note: Since you will receive an mTLS Certificate containing this public key to authenticate to the API Server, generate the key with tools, and on a system, that your client API application can use.

Decrypt the RESTful API Credentials

GlobalSign will return your Atlas account credentials in an encrypted file, which you must decrypt in order to receive the API Key and Secret. If using OpenSSL, you are required to use OpenSSL version 1.1.1 and follow these steps:

  1. GlobalSign will email a file named something like:
    “account-09A9A9A9A9A954FT1T1T1T10-cred-000b1c3e71ad7z5-globalsign.enc”
  2. Save the file on your computer.
  3. Run the following command, where privatekey.pem is the private key generated in the key generation step above. If you protected your private key with a passcode, you will be prompted for it during this step.
    openssl pkeyutl -inkey /PATH/TO/privatekey.pem -in /PATH/TO/ENCRYPTEDFILE.enc -out /PATH/TO/FILETOCREATE.txt -decrypt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256

  4. The FILETOCREATE.txt file will contain your Key and Secret; the API key also forms part of the encrypted file name, after the word 'cred-'.

    For example: account-09A9A9A9A9A954FT1T1T1T10-cred-000b1c3e71ad7z5-globalsign.enc
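
The decryption step above can be rehearsed offline before the real file arrives. The following is an added example, not GlobalSign code: it uses a throwaway key pair and a constructed credentials file, and shows that decryption fails when rsa_oaep_md:sha256 is omitted. The function names, the sample file content and the encryption step standing in for the issuer are assumptions.

```shell
#!/bin/sh
# Added example with constructed data; nothing here contacts GlobalSign.

# ASSUMPTION: stand-in for the issuer side. Encrypts file $2 to $3 with public
# key $1 using RSA-OAEP/SHA-256, the parameters the decrypt command expects.
encrypt_sample() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

# The article's decrypt command (key $1, encrypted file $2, output $3).
# umask 077 makes the plaintext credentials file owner-readable only.
decrypt_creds() {
    ( umask 077
      openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$3" \
          -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 )
}

# Same command without rsa_oaep_md: OpenSSL defaults the OAEP digest to SHA-1,
# so a SHA-256 OAEP blob fails to decrypt (non-zero exit status).
decrypt_creds_default_md() {
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$3" \
        -pkeyopt rsa_padding_mode:oaep 2>/dev/null
}

# API key = the part of the file name between "cred-" and "-globalsign.enc".
api_key_from_filename() {
    name=$(basename "$1"); name=${name#*-cred-}
    printf '%s\n' "${name%-globalsign.enc}"
}

# Round trip on a throwaway key pair and a constructed credentials file.
# Prints the API key parsed from the file name; non-zero status on any failure.
roundtrip_demo() {
    d=$(mktemp -d) || return 1
    enc="$d/account-09A9A9A9A9A954FT1T1T1T10-cred-000b1c3e71ad7z5-globalsign.enc"
    ( umask 077; openssl genrsa -out "$d/privatekey.pem" 2048 2>/dev/null ) &&
    openssl rsa -in "$d/privatekey.pem" -pubout -out "$d/publickey.pem" 2>/dev/null &&
    printf 'constructed-key-and-secret\n' > "$d/plain.txt" &&
    encrypt_sample "$d/publickey.pem" "$d/plain.txt" "$enc" &&
    decrypt_creds "$d/privatekey.pem" "$enc" "$d/out.txt" &&
    cmp -s "$d/plain.txt" "$d/out.txt" &&
    ! decrypt_creds_default_md "$d/privatekey.pem" "$enc" "$d/bad.txt" &&
    api_key_from_filename "$enc"
    rc=$?; rm -rf "$d"; return $rc
}

roundtrip_demo
```
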

Install mTLS Certificate

GlobalSign will issue you an mTLS Certificate based on the public key you supplied above. You will need to configure your API client to use it when authenticating to Atlas. This Certificate is issued directly from the Root Certificate listed below.

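
Before configuring the API client, it is worth confirming that the issued mTLS Certificate carries your public key and verifies against the Root Certificate. The following is an added example, not GlobalSign code; the function names are assumptions, and the caller supplies the paths to the certificate, the private key and a saved copy of the root.

```shell
#!/bin/sh
# Added example; all file paths are supplied by the caller.

# Returns 0 only if the certificate ($1) carries the public key that belongs
# to the private key ($2); 2 if either file cannot be read.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 only if the certificate ($1) verifies against the root saved in $2.
# -no-CApath keeps the system trust directory out of the decision.
cert_chains_to_root() {
    openssl verify -CAfile "$2" -no-CApath "$1" >/dev/null 2>&1
}

# Runs both checks and prints one line per result.
# usage: mtls_preflight cert.pem privatekey.pem root.pem
mtls_preflight() {
    status=0
    if cert_matches_key "$1" "$2"; then echo "key match: ok"
    else echo "key match: FAILED (certificate does not match this key)"; status=1; fi
    if cert_chains_to_root "$1" "$3"; then echo "chain: ok"
    else echo "chain: FAILED (does not verify against the supplied root)"; status=1; fi
    return $status
}
```

A failed key match usually means the certificate was requested with a different publickey.pem than the one paired with the private key on this system.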
