Version 2021

Creating an SSL certificate that can be used to verify a Badge code

Some of the Identity Server APIs require the use of an SSL client certificate when making an API request used for authentication. The instructions below describe how to use this certificate with CURL commands.

The workflow for creating a certificate that can be used to verify a Badge code is described below.

  1. Use a 3rd-party tool to create a CSR (.csr) file and private key (.key) file.
    For example, use the OpenSSL utility.
  2. Use Identity Manager to acquire a signed certificate (.crt) file.
    Use the .csr file (created in step 1) to generate and download a .crt file.
  3. Encrypt the private key (.key) file. You will be prompted to choose a password to protect the private key. In this example, we selected "badge".
    Use the following code to create an encrypted private .key file:
    openssl rsa -des3 -in PrivateKey.key -out PrivateKey.encrypted.key
    where
    PrivateKey.key is the private key (.key) file generated in step 1. For example, MyPrivateKey.key.
    and
    PrivateKey.encrypted.key will be the encrypted private key (.key) file generated in this step.
  4. Generate a .pem file for Windows or a .pkcs12 file for Mac.
    Use the following code to combine the .crt file (created in step 2) and the encrypted private .key file (created in step 3) into a single .pem or .pkcs12 file.
    Example code for Windows:
    type nonsaml-client-cert-3.crt PrivateKey.encrypted.key > ushercertencrypted.pem
    where
    nonsaml-client-cert-3.crt is the signed certificate (.crt) file acquired in step 2
    and
    PrivateKey.encrypted.key is the encrypted private key (.key) file generated in step 3
    and
    ushercertencrypted.pem is the .pem file generated in this step and used in the next step
    Example code for Mac:
    openssl pkcs12 -export -out ushercertencrypted.pkcs12 -inkey PrivateKey.encrypted.key -in ./nonsaml-client-cert-3.crt
    where
    nonsaml-client-cert-3.crt is the signed certificate (.crt) file generated in step 2
    and
    PrivateKey.encrypted.key is the encrypted private key (.key) file generated in step 3
    and
    ushercertencrypted.pkcs12 is the .pkcs12 file generated in this step and used in the next step
  5. Verify the Badge code in your app
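    Use the .pem or .pkcs12 file (created in step 4) in the Badge Code Verification API, where "badge" is the password that was chosen in step 3. The URL is quoted so that the shell does not interpret the & characters.
    Example of CURL call on Windows:
    curl --cert ushercertencrypted.pem:badge -kv "https://env-22832.customer.cloud.microstrategy.com:3443/verify_code?uid_only=1&org_id=4&code=0596"
    Example of CURL call on Mac:
    curl --cert ushercertencrypted.pkcs12:badge -kv "https://env-22832.customer.cloud.microstrategy.com:3443/verify_code?uid_only=1&org_id=4&code=0596"
    In both commands, -v prints the TLS handshake details and -k skips verification of the server's certificate; omit -k when the server certificate chains to a CA that curl trusts.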
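
The script below is an added example, not part of the original documentation. It rehearses steps 1 to 4 with OpenSSL and then checks, before the call in step 5, that the passphrase opens the private key and that the key belongs to the certificate. The self-signed certificate stands in for the one Identity Manager issues in step 2; the CN badge-demo, the client.csr file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: rehearse steps 1-4 offline, then check the bundle before step 5.
# File names follow the page; the CN and the self-signed certificate are
# constructed stand-ins for what Identity Manager issues in step 2.

# make_demo_bundle DIR PASSPHRASE -> writes DIR/ushercertencrypted.pem
make_demo_bundle() {
    dir=$1
    BUNDLE_PASS=$2; export BUNDLE_PASS   # passphrase goes via env, not argv
    # Step 1: private key + CSR.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=badge-demo" \
        -keyout "$dir/PrivateKey.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # Step 2 stand-in: self-sign the CSR (the real .crt comes from Identity Manager).
    openssl x509 -req -in "$dir/client.csr" -signkey "$dir/PrivateKey.key" \
        -days 1 -out "$dir/nonsaml-client-cert-3.crt" 2>/dev/null || return 1
    # Step 3: encrypt the private key (same command as the page, non-interactive).
    openssl rsa -des3 -in "$dir/PrivateKey.key" -passout env:BUNDLE_PASS \
        -out "$dir/PrivateKey.encrypted.key" 2>/dev/null || return 1
    # Step 4: certificate + encrypted key in one PEM file.
    cat "$dir/nonsaml-client-cert-3.crt" "$dir/PrivateKey.encrypted.key" \
        > "$dir/ushercertencrypted.pem"
    rm -f "$dir/PrivateKey.key"          # drop the unencrypted copy
}

# check_bundle PEM PASSPHRASE
# returns 0 = usable, 1 = key cannot be read with this passphrase,
#         2 = certificate missing or it does not match the key
check_bundle() {
    BUNDLE_PASS=$2; export BUNDLE_PASS
    key_pub=$(openssl pkey -in "$1" -passin env:BUNDLE_PASS -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Both commands print the public key in the same PEM form, so compare text.
    [ "$key_pub" = "$crt_pub" ] || return 2
    return 0
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_demo_bundle "$demo_dir" badge
check_bundle "$demo_dir/ushercertencrypted.pem" badge && echo "bundle OK"
rm -rf "$demo_dir"
```

For a real bundle, call check_bundle with the .pem file from step 4 and the password from step 3; a non-zero return means curl would fail the client-certificate handshake for the same reason.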