mTLS & API Key Creation

you are responsible for safe storage and distribution of the signed mtls certificate, and the api key files generated by this tutorial you are responsible for safe storage and distribution of the signed mtls certificate, and the api key files generated by this tutorial the mtls certificate the steps below will generate certificate signing request (csr) and private key files you generate these files and submit only the csr file to xecta for verification and signing once verified xecta will return a signed pem file which acts as a digital identity certificate this certificate is then used to authenticate individual machine/server/devices with our servers our servers reject api requests made from machines that do not have these files installed you will receive a single certificate file from us xecta data api pem you will also receive a text file which contains your api client id and client secret the steps below will also generate a private key file named xecta data api key do not share this file with anyone, including xecta testing the credentials once you receive your certificate and api keys you can use our postman tutorial docid\ lgtlviilhglckn 0qa8mg or use the c# tutorial docid 3 nzuyhj6lz8oinqvbedy / python tutorial docid\ zpnzzc23zo2rjpamduwzx quick start tutorials to test the credentials the steps below will generate your certificate submission once you submit your csr files please allow 2 business days for verification and processing 1 generate a public / private key pair and certificate signing request (csr) using openssl openssl required the steps require openssl to be installed on the machine that is generating the csr to install openssl, follow the installation instructions at the end of this tutorial you may also use any other ssl/tls library to generate a csr, however the steps in the tutorial will not have the correct commands to do so you must have openssl installed to continue use the shell command below to generate your private key and csr openssl req out xecta data api csr new newkey rsa 2048 nodes keyout xecta data api key complete the csr information similar to the example below your challenge password and optional company name can be left blank open the directory where you ran the openssl command from there will be two files a csr and key file open the xecta data api csr if it was correctly generated it will follow the format below \ begin certificate request miic6dccadacaqawgykxczajbgnvbaytalvtmq4wdaydvqqidavuzxhhczeqma4g miic6dccadacaqawgykxczajbgnvbaytalvtmq4wdaydvqqidavuzxhhczeqma4g edaobgnvbammb0t5bgvezxyxjdaibgkqhkig9w0bcqewfwt5bguudmvzc2v5qhhl y3rhlmnvbtccasiwdqyjkozihvcnaqebbqadggepadccaqocggebalbgdrua53q2 xlgzwo2dkm5r3o8e5yn3am1dme+9rmiuemju92pnw+qzzuhqfce0kq282e3ypc97 edaobgnvbammb0t5bgvezxyxjdaibgkqhkig9w0bcqewfwt5bguudmvzc2v5qhhl ggikavfujqhbmi/tdzjfxurlzrweannm6xanozz7bvl8raj+/hbryu7j9ovxhgsi zcbacqn6w3n2cri3ktgemhezyozr8hbjrsmafpdbenmzx8fpxeieljxzulyer96a otpvlawvpxjuw5e9sgtqufjk4togpgbxssxugexh2b5dpzruj4v0il2xxivlhmqp edaobgnvbammb0t5bgvezxyxjdaibgkqhkig9w0bcqewfwt5bguudmvzc2v5qhhl 9w0baqsfaaocaqeaoamaiehbgox8soi8e/smyzg5nrgtbb05dxamgfteneli5a1j ddtoa8okfm+0/0kkhuixkmrctrcjoog92b2dspzsqwuw/nqrfpfh/3+wlzsvweop vxm2bpach1qi8g0mp8gtbndc7g6fdnanq1+yrnbh356qzmzarzy/eqzczidkty7y 3w1yedefaympba/eo+aqlzldh1vxdzriiic7pg== \ end certificate request the csr content above is a demonstration file you cannot use this csr as your own submission 2 submit the csr file to xecta support contact your account manager or our customer support team for instructions to securely transfer your csr file to us we can use a secure file share system provided by you (the customer), or a system provided by us (xecta) 3 retrieve and save the returned certificate, client id and client secret a pem file and a text file with api keys will be sent to you via the secure file share which was used in step 2 a signed certificate (xecta data api pem) the client id and client secret api keys for your production environment 4 test the connection using the postman tutorial follow our postman tutorial docid\ lgtlviilhglckn 0qa8mg to test your mtls connection and api keys common connection errors http error code error message common issue err connection reset when you see this message, it typically means tls not working 403 403 forbidden this message means tls is working, but the credentials you have entered are wrong 200 200 ok valid tls and client credentials openssl notes to verify if you have openssl installed go to your terminal or command prompt and type the following command openssl version this should return the version of openssl you have installed on your machine openssl installation for windows to install openssl, download the library from the official openssl website https //slproweb com/products/win32openssl html https //slproweb com/products/win32openssl html download the latest win32 or win64 openssl executable run the executable file to start working with openssl in the command prompt openssl installation for mac macos if you are on macos, you may already have an ssl client installed called libressl which works the same with the commands in this tutorial to install openssl, download the library from the openssl website https //www openssl org/source/ https //www openssl org/source/ read through the "downloads" content, then scroll down and download the latest stable version of openssl once you download and install the package, you can verify it is installed with the command above in the "check openssl version" tutorial