Client Certificates

Prev Next

Available in Classic and VPC

By using the public key of a Client Certificate, you can verify on the backend system whether an incoming HTTP request originates from API Gateway and configure the system to respond only to requests from API Gateway.

Client Certificates interface and list

The following provides a basic overview of the Client Certificates menu for using API Gateway:

apigw-apigw-certificates-list_ko

Component Description
① Menu name Current menu name. Number of client certificates in operation.
② Basic features Create a Client Certificate, view API Gateway details, refresh the page.
③ Post-creation features Edit or Delete active Client Certificates.
④ Search bar Enter the certificate name, then click i-apigateway-find to search for items.
⑤ Filter Filter items based on the Client Certificate status.
⑥ Sort Set the number of Client Certificates displayed per list page.
⑦ Client Certificate list View the list of active Client Certificates.
  • Certificate ID: The ID of the created Client Certificate (automatically assigned).
  • Certificate name: The name set when creating the Client Certificate.
  • Description: The description set when creating the Client Certificate.
  • Status: whether the Client Certificate is valid.
  • Valid from: The date and time when the Client Certificate was created.
  • Valid to: The expiration date and time of the Client Certificate.
View View, copy, and download the public key for the Client Certificate created.

Create a Client Certificate

To create a Client Certificate:

  1. In the NAVER Cloud Platform console, navigate to i_menu > Services > Application Services > API Gateway.
  2. Click the Client Certificates menu.
  3. Click [Create Client Certificate].
  4. Enter the Client Certificate creation details, and then click [Save].
    • Name: Enter the name of the Client Certificate.
    • Description: Enter the description of the Client Certificate.
  5. Verify that the created Client Certificate appears in the Client Certificate list.

Edit a Client Certificate

To edit the description of a Client Certificate:

  1. In the NAVER Cloud Platform console, navigate to i_menu > Services > Application Services > API Gateway.
  2. Click the Client Certificates menu.
  3. In the Client Certificate list, select the Client Certificate you want to edit, then click [Edit].
  4. On the Edit Client Certificate interface, update the settings, then click [Edit].

Delete a Client Certificate

To delete a Client Certificate:

  1. In the NAVER Cloud Platform console, navigate to i_menu > Services > Application Services > API Gateway.
  2. Click the Client Certificates menu.
  3. In the Client Certificate list, select the Client Certificate you want to delete, then click [Delete].
  4. Check the details in the Delete popup and click [Delete].

Use a Client Certificate

You can apply and use the created Client Certificate on your server.

Note

For instructions on configuring a Client Certificate on an API endpoint, see Create Stage.

View a Client Certificate and apply to server

You can view, copy, and download the public key of the created Client Certificate.

To view and manage a Client Certificate:

  1. In the NAVER Cloud Platform console, navigate to i_menu > Services > Application Services > API Gateway.
  2. Click the Client Certificates menu.
  3. In the Client Certificate list, click [View] for the target Client Certificate.
  4. In the View Client Certificate popup, view, copy, or download the public key.
    • To copy the public key to the clipboard, click i-apigateway-clipboard.
    • To save the public key as a file (*.pem), click [Export].
  5. Apply the copied public key to the endpoint HTTPS server.

    • For Nginx servers, you can apply the Client Certificate accordingly.

      ...

server {
listen 443 ssl;
server_name example.com;

ssl_protocols TLSv1.1 TLSv1.2;
# HTTPS Certificate
ssl_certificate "server-cert.pem";
ssl_certificate_key "server-key.pem";

# Client Certificate
ssl_client_certificate "client-cert.pem";
ssl_verify_client on;

access_log /var/log/nginx/example.com;

...

Replace a Client Certificate

Client Certificates are valid for 1 year. To maintain endpoint services, you must create a new certificate and replace the existing one before it expires.

To replace a Client Certificate on an Nginx server:

  1. In the NAVER Cloud Platform console, navigate to i_menu > Services > Application Services > API Gateway.
  2. Click the Client Certificates menu.
  3. Click [Create Client Certificate] to Create Client Certificate newly.
  4. Replace the existing client certificate file applied to the endpoint with the new certificate, then restart the Nginx server.
  5. Go to the API's Set Stage interface in the My Products menu, select the new Client Certificate, and save the changes.
  6. Delete Client Certificate from the Client Certificates menu.
  7. Remove the existing certificate from the certificate files applied to the endpoint.