Authentication with mTLS
You will probably need to connect through a VPN, because Surescripts requires a static IP.
Surescripts uses mTLS (mutual TLS) for authentication and authorization.

Follow the instructions provided by Surescripts. Once you have all the certs, you can proceed to preparing the authentication files.
How to get proper authentication files
Client Certificate
This is what is referenced as surescripts-cert in the compose file example.
Use the Surescripts-provided cert (*.p7b file). Create a pem certificate from it.
If the file is encrypted:
openssl pkcs7 -inform der -in client.p7b -print_certs -out client.pem
If not encrypted:
openssl pkcs7 -in client.p7b -print_certs -out client.pem
Edit the resulting file and keep only the last entry (the first entries are CA related).
Private Key
This is what is referenced as surescripts-private in the compose file example.
You have to use the same private key that was used to obtain the client cert p7b.
Note that your private key must be PKCS#8. If it is PKCS#1, use the following command to convert it:
openssl pkcs8 -topk8 -inform PEM -outform PEM \
-in your.key \
-out private.key -nocrypt
How to check that keys match
Extract the modulus from the private key:
openssl rsa -noout -modulus -in private.key -out private.module
Extract the modulus from the client cert:
openssl x509 -noout -modulus -in client.pem -out client.module
Compare:
diff private.module client.module
The keys match if there is no diff.
Certificate Authority
This is what is referenced as surescripts-authority in the compose file example.
There are two options:
Use Surescripts provided cert
Use the cert from the documentation portal: OutboundStaging.surescripts.net.p7b
Create a pem cert from it:
openssl pkcs7 -inform der -in ca.p7b -print_certs -out ca.pem
Use from client cert
In the client.pem file, before the entries are deleted, the ones at the beginning are actually the CA part. Create a pem cert from them: just copy and paste them into the ca.pem file.
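The manual steps above (keep only the last entry as the client cert, copy the earlier entries into ca.pem, confirm the private key matches) can be scripted. This is an added example, not part of the original page or of Surescripts documentation; the function names and bundle.pem are assumptions, and the key check compares public keys instead of moduli, which goes beyond the RSA-only check above and also covers EC keys.

```bash
#!/bin/sh
# Added example. File names follow the page (client.pem, ca.pem, private.key);
# the function names and bundle.pem are assumptions made for this sketch.

# split_bundle BUNDLE LEAF_OUT CA_OUT
# BUNDLE is the untouched output of `openssl pkcs7 ... -print_certs`.
# The last certificate goes to LEAF_OUT, every earlier one to CA_OUT
# (the page states that the client certificate is the last entry).
# The subject=/issuer= lines between certificates are dropped.
# LEAF_OUT and CA_OUT must not be the same file as BUNDLE.
split_bundle() {
  total=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || true
  if [ "${total:-0}" -lt 1 ]; then
    echo "no certificates found in $1" >&2
    return 1
  fi
  : > "$2"
  : > "$3"
  awk -v total="$total" -v leaf="$2" -v ca="$3" '
    /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
    inside { print > (n == total ? leaf : ca) }
    /-----END CERTIFICATE-----/ { inside = 0 }
  ' "$1"
}

# is_pkcs8 KEY: succeeds for an unencrypted PKCS#8 PEM key, which the page
# requires; a PKCS#1 key starts with "BEGIN RSA PRIVATE KEY" instead.
is_pkcs8() {
  grep -q -e '^-----BEGIN PRIVATE KEY-----' "$1"
}

# keys_match KEY CERT: succeeds when the public key derived from KEY is
# the public key inside CERT. Returns 2 if either file cannot be parsed.
keys_match() {
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Typical use (left as comments so sourcing this file has no side effects):
#   openssl pkcs7 -inform der -in client.p7b -print_certs -out bundle.pem
#   split_bundle bundle.pem client.pem ca.pem
#   is_pkcs8 private.key && keys_match private.key client.pem && echo "key matches"
```

If split_bundle leaves ca.pem empty, the p7b contained only the client certificate and the CA file has to come from the first option.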
Troubleshooting
Consider starting the module with JVM args for tracing TLS:
-Djavax.net.debug=ssl:handshake:verbose:keymanager