# FAQs: Certificates in mTLS

Mutual TLS (mTLS) is a bilateral authentication protocol that ensures both the server and client are authenticated. By verifying that both parties possess the correct private key, mTLS guarantees the identities of the systems or individuals on both ends. Additional verification is provided by the information in their respective TLS certificates.

mTLS is commonly used in Zero Trust security architectures to verify users, devices, and servers within an organization. It also helps to maintain API security.

For more details, refer to the [mTLS authentication](https://docs.digibee.com/documentation/troubleshooting/authentication-and-security-guides/mtls) documentation.

## **FAQs**

<details>

<summary><strong>Do we need to order a new certificate?</strong></summary>

Customers can choose to use either a new certificate or an existing one. On the Digibee Integration Platform, it’s necessary to provide the full Certificate Authority (CA) chain (`ca.crt`) when configuring an [Account](https://app.gitbook.com/s/jvO5S91EQURCEhbZOuuZ/platform-administration/settings/accounts) within the customer’s realm. Ensure the certificate doesn’t have a password; otherwise, it won’t work.

</details>

<details>

<summary><strong>Are wildcards allowed in the certificate?</strong></summary>

Yes, wildcard certificates are allowed.

</details>

<details>

<summary><strong>What parameters are needed? What is the recommended bit length?</strong></summary>

The key size should be 4096 bits, and the certificate must be signed with the SHA256 algorithm.

</details>
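
The following script is an added example, not part of the Digibee documentation. It uses the OpenSSL CLI to check a certificate and key against the parameters in these FAQs: 4096-bit key, SHA-256 signature, no password, and a chain that verifies against `ca.crt`. It assumes RSA keys and reads "no password" as an unencrypted private key; the function names and the `client.crt` and `client.key` file names are placeholders.

```shell
#!/bin/sh
# Added example: validate mTLS material against the parameters in this FAQ.
# Assumes the OpenSSL CLI and RSA keys; all file names are placeholders.

# Succeeds when the certificate has a 4096-bit key and a SHA-256 signature.
check_cert_params() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -q 'Public-Key: (4096 bit)' ||
        { echo "$1: key is not 4096 bits" >&2; return 1; }
    printf '%s\n' "$text" | grep -Eqi 'Signature Algorithm: .*sha-?256' ||
        { echo "$1: not signed with SHA-256" >&2; return 1; }
}

# Succeeds when the private key loads with an empty passphrase (unencrypted).
check_key_no_password() {
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null ||
        { echo "$1: key is password-protected or unreadable" >&2; return 1; }
}

# Succeeds when the certificate chains to the CA bundle (ca.crt in the FAQ).
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "$2: does not verify against $1" >&2; return 1; }
}

# Constructed sample: a throwaway self-signed RSA certificate of the given
# key size, with an unencrypted key (-nodes) and a SHA-256 signature.
make_sample() {
    openssl req -x509 -newkey "rsa:$1" -sha256 -nodes -days 1 \
        -subj "/CN=sample.invalid" -keyout "$2" -out "$3" 2>/dev/null
}

# Usage: sh check_mtls.sh ca.crt client.crt client.key
if [ "$#" -eq 3 ]; then
    check_cert_params "$2" && check_key_no_password "$3" &&
        check_chain "$1" "$2" &&
        echo "OK: material matches the FAQ parameters"
fi
```
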
