Client Certificates
    • PDF

    Client Certificates

    • PDF

    Article Summary

    Available in Classic and VPC

    Client certificate public key can be used to check whether the request HTTP source is the API Gateway from the backend system, and set it to only respond to requests from the API Gateway.

    Client Certificates screen and list

    The basics of using client certificates menus on API Gateway are as follows.

    apigw-apigw-certificates-list_ko

    FieldDescription
    ① Menu nameName of the menu currently being viewed, number of client certificates in operation
    ② Basic featuresCreate Client Certificate, view detailed API Gateway information, page refresh
    ③ Post-creation featuresEdit and Delete client certificate in operation
    ④ Search windowEnter the certificate name, and then click i-apigateway-find to search
    ⑤ FilterFilter items based on client certificate status
    ⑥ SortSet the number of client certificates to display on each list page
    ⑦ Client Certificate ListCheck Client Certificate list in operation
    • Certificate ID: ID of created client certificate (automatic designation)
    • Certificate Name: name of client certificate set during client certification creation
    • Description: description of client certificate set during client certificate creation
    • Status: client certificate status
    • Authentication Start Date: date when client certificate is created
    • Authentication End Date: date when client certificate ends
    ViewCheck, Copy, and Download Client Certificate Public Key of created client certificate

    Create Client Certificate

    The following describes how to create a client certificate.

    1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
    2. Click the Client Certificates menu.
    3. Click the [Create Client Certificate] button.
    4. Enter the client certificate information, and then click the [Save] button.
      • Name: Enter the name for the client certificate.
      • Description: Enter the description for the client certificate.
    5. Client Certificate: Check whether the created client certificate is displayed on the list.

    Edit Create Client

    The following describes how to edit the client certification description.

    1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
    2. Click the Client Certificates menu.
    3. Click to select the client certificate to edit from the Client Certificate list, and then click the [Edit] button.
    4. Edit settings from the Edit Client Certificate screen, and then click the [Edit] button.

    Delete Client Certificate

    The following describes how to delete a client certificate.

    1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
    2. Click the Client Certificates menu.
    3. Click to select the client certificate to delete from the Client Certificate list, and then click the [Delete] button.
    4. Check the details in the Delete pop-up window, and then click the [Delete] button.

    Client Certificate use

    The created client certificate can be applied to a server and be used.

    Note

    Refer to Create Stage for information of how to set a created client certificate to an API endpoint.

    Check Client Certificates and apply to server

    Check, copy and download the public key of the created client certificate.

    The following describes how to manage client certificates.

    1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
    2. Click the Client Certificates menu.
    3. Click the [View] button on the client certificate from the Client Certificate list.
    4. Check, Copy and Download the public key from the View Client Certificate pop-up window.
      • To copy the public key to the clipboard, click i-apigateway-clipboard.
      • To save the public key as a file (*.pem), click the [Export] button.
    5. Apply the copied public key to an endpoint HTTPS server.
      • In case of an Nginx server, client certificate can be applied as the following.

        ...
        
        server {
        listen 443 ssl;
        server_name example.com;
        
        ssl_protocols TLSv1.1 TLSv1.2;
        # HTTPS Certificate
        ssl_certificate "server-cert.pem";
        ssl_certificate_key "server-key.pem";
        
        # Client Certificate
        ssl_client_certificate "client-cert.pem";
        ssl_verify_client on;
        
        access_log /var/log/nginx/example.com;
        
        ...
        

    Client Certificate replacement

    A client certificate is valid for 1 year. To maintain endpoint service, create a new certificate and replace the existing certificate before it expires.

    The following describes how to replace a client certificate of an Nginx server.

    1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
    2. Click the Client Certificates menu.
    3. Click the [Create Client Certificate] button to Create Client Certificate.
    4. Replace the existing client certificate file of the endpoint with the new certificate and restart the Nginx server.
    5. Go to the API Set Stage screen of My Products menu, select the new client certificate, and save.
    6. Delete Client Certificate from the Client Certificates menu to delete the existing certificate.
    7. Delete the existing certificate from the certificate file applied to the endpoint.

    Was this article helpful?

    What's Next
    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.