Authentication Certificates

In order to use authentication certificates, you must first request an authentication certificate.

An authentication certificate allows you to log in to your account securely. These instructions will guide you through the entire process – from creating the Certificate Signing Request (CSR) to final creation.

Requirements

  • You need an account with seal authorisation.

Step 1: Create a Certificate Signing Request (CSR)

Before you can set up the certificate in your account, you must first create a CSR.

CSR Requirements

  • Subject: Must be unique and will be included in the certificate
  • Key type: RSA 4096 bit or ECC prime256v1
  • Important: The private key may only be used for this one certificate and cannot be reused.

Example: Creating CSR with RSA 4096 using OpenSSL

Open a terminal on your system and execute the following command:

openssl req -new -newkey rsa:4096 -nodes -keyout private.key -out certificate.csr

You will be prompted to enter the following information:

  • Country Name (C): Your country code (e.g. DE)
  • State or Province (ST): State/region (optional)
  • Locality Name (L): City (optional)
  • Organization Name (O): Company name (optional)
  • Organizational Unit (OU): Department (optional)
  • Common Name (CN): Your name or unique identifier

After successful execution, you will receive two files:

  • private.key – Your private key (keep it safe!)
  • certificate.csr – Your Certificate Signing Request

Step 2: Apply for a certificate in your account

  1. Log in with an account that has seal authorisation.
  2. Navigate to "2FA Settings".
  3. Switch to the "Authentication Certificate" tab.
  4. Click on the + symbol.
  5. Select the seal for which an authentication certificate is to be created and upload the contents of the created certificate.csr file.
  6. Complete the identification process (follow the instructions on the screen).

Step 3: Download certificate and connect with private key

Once your certificate has been issued, it will appear in the authentication certificates table.

  1. Download the issued certificate.
  2. Now combine the certificate with your private key to create a PKCS#12 file, e.g. using OpenSSL:
      openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt

You will be prompted to assign an export password. Make a note of this password – you will need it when importing the certificate into your browser or operating system.
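
The following added example (not part of the original instructions and not the service's own tooling) covers the ECC prime256v1 option from the CSR requirements, checks a CSR against those requirements before upload, and confirms that the downloaded certificate belongs to your private key before the PKCS#12 export in Step 3. The function names and the subject value are assumptions; the file names follow the steps above.

```shell
# Added example, not the service's own tooling. POSIX sh; needs only openssl.

# new_ecc_csr KEY CSR SUBJECT
# Fresh prime256v1 key plus CSR: the ECC counterpart of the RSA 4096 command.
new_ecc_csr() {
  ( umask 077   # the new private key is readable by its owner only
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" &&
    openssl req -new -key "$1" -out "$2" -subj "$3" )
}

# check_csr CSR
# Succeeds only if the CSR's self-signature verifies and its key is
# RSA 4096 bit or ECC prime256v1, the two key types accepted above.
check_csr() {
  # The exit status of "req -verify" differs between OpenSSL versions,
  # so the check relies on the "verify OK" message instead.
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "CSR signature does not verify" >&2; return 1; }
  csr_text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
  case "$csr_text" in
    *"Public Key Algorithm: rsaEncryption"*"Public-Key: (4096 bit)"*) return 0 ;;
    *"Public Key Algorithm: id-ecPublicKey"*"ASN1 OID: prime256v1"*) return 0 ;;
  esac
  echo "key is neither RSA 4096 bit nor ECC prime256v1" >&2
  return 1
}

# cert_matches_key CERT KEY
# Succeeds only if the issued certificate carries the public key that
# belongs to this private key. Run it before "openssl pkcs12 -export".
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage (the subject is a placeholder, replace it with your own):
#   new_ecc_csr private.key certificate.csr "/C=DE/CN=<your unique identifier>"
#   check_csr certificate.csr && echo "CSR meets the key requirements"
#   cert_matches_key certificate.crt private.key && echo "certificate matches key"
```
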

Use of the certificate

The created .p12 file can now be used for /authorize_tls2.

Safety Instructions

  • Keep your private key (private.key) safe and never share it with anyone
  • Do not delete the private key while the certificate is valid
  • Use each private key for a single certificate only
  • Back up the .p12 file and the export password in a secure location

If you have any questions or problems, please contact our support team.
