Client Certificates

Prev Next

Available in Classic and VPC

Client certificate public key can be used to check whether the request HTTP source is the API Gateway from the backend system, and set it to only respond to requests from the API Gateway.

Client Certificates screen and list

The basics of using client certificates menus on API Gateway are as follows.

apigw-apigw-certificates-list_ko

Field Description
① Menu name Name of the menu currently being viewed, number of client certificates in operation
② Basic features Create Client Certificate, view detailed API Gateway information, page refresh
③ Post-creation features Edit and Delete client certificate in operation
④ Search window Enter the certificate name, and then click i-apigateway-find to search
⑤ Filter Filter items based on client certificate status
⑥ Sort Set the number of client certificates to display on each list page
⑦ Client Certificate List Check Client Certificate list in operation
  • Certificate ID: ID of created client certificate (automatic designation)
  • Certificate Name: name of client certificate set during client certification creation
  • Description: description of client certificate set during client certificate creation
  • Status: client certificate status
  • Authentication Start Date: date when client certificate is created
  • Authentication End Date: date when client certificate ends
View Check, Copy, and Download Client Certificate Public Key of created client certificate

Create Client Certificate

The following describes how to create a client certificate.

  1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
  2. Click the Client Certificates menu.
  3. Click the [Create Client Certificate] button.
  4. Enter the client certificate information, and then click the [Save] button.
    • Name: Enter the name for the client certificate.
    • Description: Enter the description for the client certificate.
  5. Client Certificate: Check whether the created client certificate is displayed on the list.

Edit Create Client

The following describes how to edit the client certification description.

  1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
  2. Click the Client Certificates menu.
  3. Click to select the client certificate to edit from the Client Certificate list, and then click the [Edit] button.
  4. Edit settings from the Edit Client Certificate screen, and then click the [Edit] button.

Delete Client Certificate

The following describes how to delete a client certificate.

  1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
  2. Click the Client Certificates menu.
  3. Click to select the client certificate to delete from the Client Certificate list, and then click the [Delete] button.
  4. Check the details in the Delete pop-up window, and then click the [Delete] button.

Client Certificate use

The created client certificate can be applied to a server and be used.

Note

Refer to Create Stage for information of how to set a created client certificate to an API endpoint.

Check Client Certificates and apply to server

Check, copy and download the public key of the created client certificate.

The following describes how to manage client certificates.

  1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
  2. Click the Client Certificates menu.
  3. Click the [View] button on the client certificate from the Client Certificate list.
  4. Check, Copy and Download the public key from the View Client Certificate pop-up window.
    • To copy the public key to the clipboard, click i-apigateway-clipboard.
    • To save the public key as a file (*.pem), click the [Export] button.
  5. Apply the copied public key to an endpoint HTTPS server.

    • In case of an Nginx server, client certificate can be applied as the following.

      ...

server {
listen 443 ssl;
server_name example.com;

ssl_protocols TLSv1.1 TLSv1.2;
# HTTPS Certificate
ssl_certificate "server-cert.pem";
ssl_certificate_key "server-key.pem";

# Client Certificate
ssl_client_certificate "client-cert.pem";
ssl_verify_client on;

access_log /var/log/nginx/example.com;

...

Client Certificate replacement

A client certificate is valid for 1 year. To maintain endpoint service, create a new certificate and replace the existing certificate before it expires.

The following describes how to replace a client certificate of an Nginx server.

  1. From the NAVER Cloud Platform console, click the Services > Application Services > API Gateway menus, in that order.
  2. Click the Client Certificates menu.
  3. Click the [Create Client Certificate] button to Create Client Certificate.
  4. Replace the existing client certificate file of the endpoint with the new certificate and restart the Nginx server.
  5. Go to the API Set Stage screen of My Products menu, select the new client certificate, and save.
  6. Delete Client Certificate from the Client Certificates menu to delete the existing certificate.
  7. Delete the existing certificate from the certificate file applied to the endpoint.