How to prepare Surescripts mTLS
Last updated
Was this helpful?
Last updated
Was this helpful?
probably you'll need to connect under VPN, because Surescripts requires a static IP
Surescripts uses for authentication and authorization.
Please, follow an instructions provided by Surescripts. And once you will have all certs, you can proceed to .
Use Surescripts provided cert (*.p7b
file).
Create a pem
certificate from it
if file is encrypted: openssl pkcs7 -inform der -in client.p7b -print_certs -out client.pem
if not encrypted: openssl pkcs7 -in client.p7b -print_certs -out client.pem
Edit result file and keep only last entry (first entries are CA related).
You have to use a same private key that was used to obtain client cert p7b
.
Note, that your private key must be PKCS#8, in case it's PKCS#1 please use following command for conversion:
How to check that keys match
Create module from private key: openssl rsa -noout -modulus -in private.key -out private.module
Create module from client cert: openssl x509 -noout -modulus -in client.pem -out client.module
Compare: diff private.module client.module
Keys match if there is no diff
Here is two options:
Use Surescripts provided cert
Use cert form documentation portal: OutboundStaging.surescripts.net.p7b
Create a pem
cert from it: openssl pkcs7 -inform der -in ca.p7b -print_certs -out ca.pem
Use from client cert
In client.pem
file before entries deletion - there are ones at the beginning that actually a CA part.
Create a pem
cert from it – just copy past into ca.pem
file.
Consider starting module with JVM args for tracing TLS:
This is what referenced as surescripts-cert
in
This is what referenced as surescripts-private
in
This is what referenced as surescripts-authority
in