How to prepare Surescripts mTLS
Last updated
Was this helpful?
Last updated
Was this helpful?
probably you'll need to connect under VPN, because Surescripts requires a static IP
Surescripts uses mTLS (mutual TLS) for authentication and authorization.
Please, follow an instructions provided by Surescripts. And once you will have all certs, you can proceed to preparing authentication files.
This is what referenced as surescripts-cert
in compose file example
Use Surescripts provided cert (*.p7b
file).
Create a pem
certificate from it
if file is encrypted: openssl pkcs7 -inform der -in client.p7b -print_certs -out client.pem
if not encrypted: openssl pkcs7 -in client.p7b -print_certs -out client.pem
Edit result file and keep only last entry (first entries are CA related).
This is what referenced as surescripts-private
in compose file example
You have to use a same private key that was used to obtain client cert p7b
.
How to check that keys match
Create module from private key: openssl rsa -noout -modulus -in private.key -out private.module
Create module from client cert: openssl x509 -noout -modulus -in client.pem -out client.module
Compare: diff private.module client.module
Keys match if there is no diff
This is what referenced as surescripts-authority
in compose file example
Here is two options:
Use Surescripts provided cert
Use cert form documentation portal: OutboundStaging.surescripts.net.p7b
Create a pem
cert from it: openssl pkcs7 -inform der -in ca.p7b -print_certs -out ca.pem
Use from client cert
In client.pem
file before entries deletion - there are ones at the beginning that actually a CA part.
Create a pem
cert from it – just copy past into ca.pem
file.
Consider starting module with JVM args for tracing TLS: