How to configure mTLS on the Digibee Integration Platform

Learn how to install mTLS on your realm.

Mutual Transport Layer Security (mTLS) is a bilateral authentication protocol that verifies users, devices, and servers within an organization by validating that both parties (server and client) have the correct private keys. The Digibee Integration Platform lets you consume and publish APIs over mTLS, identifying customers and servers through TLS certificates.

To enable the Digibee team to proceed with the installation, you must register a certificate using a Root Certificate stored in a Certificate Chain account in your realm. The certificates must be issued, provided, and managed by the customer. Your certificate must be available to successfully communicate with the Digibee server where the Root Certificate was configured.

Configuring the mTLS

To configure the mTLS on Digibee Integration Platform, follow the steps below:

In this configuration, the full certificate chain and key are not necessary. Leave the Password field empty when saving the certificate.

  1. Save the Root Certificate in .pem format in the Chain field. The certificate in .pem format follows this pattern:

-----BEGIN CERTIFICATE-----
MIIF4zCCA8ugAwIBAgIUI/vA3JlEcMMpXnufpuVSLhQZcwUwDQYJKoZIhvcNAQEL
BQAwgYAxCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTQzELMAkGA1UEBwwCRkwxCzA
JBgNVBAoMAkRHMQ4wDAYDVQQLDAVERy1GTDEPMA0GA1UEAwwGZGduYW1lMSkw
-----END CERTIFICATE-----

Pay attention to the environment, as there may be different certificates for test and prod. Currently, Digibee only supports one certificate per environment.

  2. The name of the account is crucial for the successful installation of the certificate on the Load Balancer dedicated to your realm. It should follow this format: dgb-mtls-REFERENCE_NAME. In the example below the account is named dgb-mtls-autocorp.

  3. After creating the Certificate Chain account with the certificate saved in .pem format, contact Digibee via chat. Provide the account name so that the certificate can be installed on your realm's Load Balancer.

Using mTLS in other pipelines

  1. Activate the mTLS enabled API parameter in the pipeline trigger.

  2. Uncheck the API Key option in the trigger when using the mTLS enabled API.

Endpoints

Endpoints play a crucial role in the implementation of mTLS, as they are the interaction point between the customer and the server where the mTLS protocol is configured and applied.

Digibee will create new endpoints, separate from the regular ones. During the configuration, you will receive information about the newly created endpoints. mTLS endpoints are reachable only over the internet and are not accessible via VPN.

The endpoints generated by the Platform always follow this structure:

  • Production environment

https://api.godigibee.io/pipeline/{{REALM-NAME}}/v1/{{PIPELINE-NAME}}
  • Test environment

https://test.godigibee.io/pipeline/{{REALM-NAME}}/v1/{{PIPELINE-NAME}}

The endpoint generated after mTLS installation follows the same format but has the number 2 added to the URL:

  • Production environment

https://api2.godigibee.io/pipeline/{{REALM-NAME}}/v1/{{PIPELINE-NAME}}
  • Test environment

https://test2.godigibee.io/pipeline/{{REALM-NAME}}/v1/{{PIPELINE-NAME}}
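
The Python example below is added here and is not Digibee code. It checks the text destined for the Chain field (exactly one complete certificate, no private key), checks the account name prefix, and derives the mTLS endpoint from a regular one. The function names, the constructed sample, and the rule that REFERENCE_NAME is any string without whitespace are assumptions.

```python
import base64
import re
from urllib.parse import urlsplit, urlunsplit
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Constructed sample, not a real certificate: a DER SEQUENCE header plus 60 zero bytes.
SAMPLE = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(b"\x30\x3c" + bytes(60)).decode()
          + "-----END CERTIFICATE-----\n")
MTLS_HOSTS = {"api.godigibee.io": "api2.godigibee.io", "test.godigibee.io": "test2.godigibee.io"}

def der_is_complete(der):
    """True if der is one DER SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long-form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body

def check_chain_field(pem_text):
    """Return a list of problems in the text destined for the Chain field."""
    blocks = PEM_BLOCK.findall(pem_text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    problems = []
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("private key present; only the Root Certificate is needed")
    if len(certs) != 1:
        problems.append(f"expected 1 certificate, found {len(certs)}")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                  # binascii.Error subclasses ValueError
            problems.append("certificate body is not valid base64")
            continue
        if not der_is_complete(der):        # structural check only, not X.509 validation
            problems.append("certificate is truncated or not DER")
    return problems

def check_account_name(name):
    # Assumption: REFERENCE_NAME is any non-empty string without whitespace.
    return re.fullmatch(r"dgb-mtls-\S+", name) is not None

def mtls_endpoint(url):
    """Rewrite a regular endpoint URL to its mTLS counterpart (api -> api2, test -> test2)."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(netloc=MTLS_HOSTS[parts.netloc]))
```

The illustrative certificate in step 1 is shortened, so it would be flagged by this check; paste the complete .pem file instead.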
