How to configure mutual TLS (mTLS) on the Digibee Platform

Understand how to install mTLS on your Realm

Written by Pablo Brunetti
Updated over 3 months ago

Certificates are confidential and should not be shared via Digibee chat. Since this configuration relates to client validation by the server, we only need the Root Certificate saved in a "Certificate Chain" account in your realm.

Note that in this configuration, we don't need the full certificate chain and key. It also doesn't make sense to use the "password" field at this stage; it should be left empty when saving the certificate.

Save the certificate in .PEM format in the "chain" field.

Example of a certificate in .PEM format:

-----BEGIN CERTIFICATE-----
MIIF4zCCA8ugAwIBAgIUI/vA3JlEcMMpXnufpuVSLhQZcwUwDQYJKoZIhvcNAQEL
BQAwgYAxCzAJBgNVBAYTAkJSMQswCQYDVQQIDAJTQzELMAkGA1UEBwwCRkwxCzA
JBgNVBAoMAkRHMQ4wDAYDVQQLDAVERy1GTDEPMA0GA1UEAwwGZGduYW1lMSkw
-----END CERTIFICATE-----

The name to be defined in the account is crucial for the successful installation of the certificate on the load balancer dedicated to your realm. It should follow this format:

dgb-mtls-REFERENCE_NAME


See the example below:

In this example, we named the account dgb-mtls-autocorp.

Pay attention to the environments, as there may be different certificates for test and prod.

After creating the "certificate-chain" account with the certificate saved in .PEM format, contact Digibee via chat and provide the account name so that the certificate can be installed on your realm's load balancer.

Currently, we only support one certificate per environment.
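
A pre-flight check for the account described above, as an added example that is not Digibee's own code: it checks the account name format, the empty "password" field, and that the "chain" field holds a single PEM certificate and no private key. The function names, the no-whitespace rule for REFERENCE_NAME, treating more than one certificate block as a mistake, and the sample PEM built in the code are assumptions made for illustration.

```python
import base64
import re

ACCOUNT_PREFIX = "dgb-mtls-"  # account name format given in the article
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def check_mtls_account(account_name, chain_field, password=""):
    """Return a list of problems; an empty list means the input fits the article."""
    problems = []
    reference = account_name[len(ACCOUNT_PREFIX):]
    if (not account_name.startswith(ACCOUNT_PREFIX) or not reference
            or re.search(r"\s", reference)):  # no-whitespace rule is an assumption
        problems.append("account name must be dgb-mtls-REFERENCE_NAME")
    if password:
        problems.append('"password" field must be left empty')
    if "PRIVATE KEY-----" in chain_field:
        problems.append("private key found; only the root certificate is needed")
    bodies = CERT_BLOCK.findall(chain_field)
    if len(bodies) != 1:
        problems.append(f"expected only the root certificate, found {len(bodies)} blocks")
    for body in bodies:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("certificate body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE
            problems.append("certificate body is not DER-encoded")
    return problems


def make_sample_pem(label="CERTIFICATE"):
    """Constructed placeholder: DER-shaped bytes, not a real certificate or key."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


if __name__ == "__main__":
    root = make_sample_pem()
    print(check_mtls_account("dgb-mtls-autocorp", root))  # clean input
    # Wrong name, password set, and a key pasted alongside the certificate.
    print(check_mtls_account("autocorp", root + make_sample_pem("PRIVATE KEY"), "secret"))
```

The check only covers the PEM structure; it does not verify that the certificate is the root that issued your client certificates.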

To use mTLS in other pipelines, simply activate the "mTLS enabled API" flag in the pipeline trigger.

Uncheck the "API Key" option in the trigger when using the "mTLS enabled API".



The endpoints generated by the platform always follow this structure:

Production Environment:

https://api.godigibee.io/pipeline/{{NOME_DO_REALM}}/v1/{{NOME_DO_PIPELINE}}


Test Environment:

https://test.godigibee.io/pipeline/{{NOME_DO_REALM}}/v1/{{NOME_DO_PIPELINE}}



The endpoint generated after mTLS installation follows the same format, with "2" appended to the subdomain in the URL:

Production Environment:

https://api2.godigibee.io/pipeline/{{NOME_DO_REALM}}/v1/{{NOME_DO_PIPELINE}}


Test Environment:

https://test2.godigibee.io/pipeline/{{NOME_DO_REALM}}/v1/{{NOME_DO_PIPELINE}}


On the client side, the client certificate must be present to successfully communicate with the Digibee server where the Root Certificate was configured.
