Generate a Certificate Signing Request (CSR)
For Knot to authenticate your requests via mTLS, you must generate a private key and a corresponding CSR.
Requirements
- The CSR uses RSA 2048 as the key algorithm.
- The CSR uses SHA2-256 as the hash algorithm.
- The Common Name (CN) attribute is assigned to your
client_id
.
Generating the private key and CSR with OpenSSL
You can use your preferred tool to generate the private key and CSR. See below for an example of how to do so with OpenSSL.
openssl req \
-new -sha256 -newkey rsa:2048 -nodes \
-subj '/CN=[client_id]' \
-keyout client.key -out client.req
Private key
Ensure you keep the private key secure as it will be used in later API requests.
Provide the CSR File to Knot
Forward the CSR file to Knot and request that it be activated for your client_id
. You'll promptly receive a client certificate signed by Knot. This certificate, in conjunction with your private key, will serve as the authentication mechanism for interacting with the API.
Access the API Over mTLS
Once you receive the client certificate signed by Knot, all the requests using your client_id
will require mTLS, so you'll need to attach the client.cert
and client.key
in your HTTP client.