mTLS & API Key Creation
Author(s): Kyle Vessey and Clark Chen, September 2022
You are responsible for safe storage and distribution of the Signed mTLS Certificate, and the API Key files generated by this tutorial.
The steps below will generate certificate signing request (CSR) and Private Key files. You generate these files and submit only the CSR file to Xecta for verification and signing. Once verified Xecta will return a signed PEM file which acts as a digital identity certificate. This certificate is then used to authenticate individual machine/server/devices with our servers. Our servers reject API requests made from machines that do not have these files installed.
You will receive a single certificate file from us: xecta-data-api.pem. You will also receive a text file which contains your API client ID and Client Secret
The steps below will also generate a Private Key file named xecta-data-api.key
DO NOT share this file with anyone, including Xecta
Once you receive your certificate and API keys you can use our Postman Tutorial or use the C# / Python quick start tutorials to test the credentials.
The steps below will generate your certificate submission. Once you submit your CSR files please allow 2 business days for verification and processing
OpenSSL Required

The steps require OpenSSL to be installed on the machine that is generating the CSR. To install OpenSSL, follow the installation instructions at the end of this tutorial.

You may also use any other SSL/TLS library to generate a CSR, however the steps in the tutorial will not have the correct commands to do so.
You must have OpenSSL installed to continue. Use the shell command below to generate your private key and CSR.
Complete the CSR Information similar to the example below. Your challenge password and optional company name can be left blank.


Open the directory where you ran the OpenSSL command from. There will be two files. A .CSR and .KEY file. Open the xecta-data-api.csr. If it was correctly generated it will follow the format below.
The CSR content above is a demonstration file. You cannot use this CSR as your own submission.
Contact your account manager or our customer support team for instructions to securely transfer your CSR file to us. We can use a secure file share system provided by you (the customer), or a system provided by us (Xecta).

a .PEM File and a text file with API Keys will be sent to you via the secure file share which was used in Step 2
- A Signed Certificate (xecta-data-api.pem)
- The Client ID and Client Secret API keys for your production environment

Follow our Postman Tutorial to test your mTLS connection and API Keys
HTTP Error Code | Error Message | Common Issue |
-- | ERR_CONNECTION_RESET | When you see this message, it typically means TLS not working |
403 | 403 Forbidden | This message means TLS is working, but the credentials you have entered are wrong |
200 | 200 OK | Valid TLS and Client Credentials |
To verify if you have OpenSSL installed go to your terminal or command prompt and type the following command:
This should return the version of OpenSSL you have installed on your machine
To install OpenSSL, download the library from the official OpenSSL website: https://slproweb.com/products/Win32OpenSSL.html
Download the latest Win32 OR Win64 OpenSSL executable:
Run the executable file to start working with OpenSSL in the command prompt
macOS

If you are on macOS, you may already have an SSL client installed called libressl which works the same with the commands in this tutorial.
To install OpenSSL, download the library from the OpenSSL website: https://www.openssl.org/source/
Read through the "Downloads" content, then scroll down and download the latest stable version of OpenSSL.
Once you download and install the package, you can verify it is installed with the command above in the "Check OpenSSL Version" tutorial
