Register TLS Client Certificates

Client certificates allow you to access web services that require client authentication via the TLS/SSL protocol. Once a certificate is registered, you can refer to it in your server-side scripts and include it in API calls.

To register a TLS Client Certificate add the following key to the <appSettings> node in the FintechOS Studio web.config file:

<appSettings>
    ...
    <add key="automation-client-certificate-clientCert1" value="{ 'storeName': 'My', 'storeLocation': 'LocalMachine', 'thumbPrint': 'd77621fa50114404a6e5820c6d066b019c13fdd8', 'description':'Client certificate for Api1' }" />
    <!-- or, with the single quotes XML-escaped: -->
    <add key="automation-client-certificate-clientCert1" value="{ &apos;storeName&apos;: &apos;My&apos;, &apos;storeLocation&apos;: &apos;LocalMachine&apos;, &apos;thumbPrint&apos;: &apos;d77621fa50114404a6e5820c6d066b019c13fdd8&apos;,  &apos;description&apos;:&apos;Client certificate for Api1 a&apos; }" />
    ...
</appSettings>

You must provide a programmatic name, preceded by the automation-client-certificate- prefix. For instance, in the example above, the name of the client certificate is clientCert1.

The value is provided in JSON format and must be XML-escaped. For simpler scenarios, you can use single quotes instead of double quotes. The JSON value has the following structure:

{
    "storeName": "My",
    "storeLocation": "LocalMachine",
    "thumbPrint": "d77621fa50114404a6e5820c6d066b019c13fdd8",
    "description": "Client certificate for Api1",
    "checkValidity": true
}

 

Property / Description

storeName
  You can populate the storeName property with one of the following values:
  • AddressBook - X.509 certificate store for other users.
  • AuthRoot - X.509 certificate store for third-party certificate authorities.
  • CertificateAuthority - X.509 certificate store for intermediate certificate authorities.
  • Disallowed - X.509 certificate store for revoked certificates.
  • My - X.509 certificate store for personal certificates.
  • Root - X.509 certificate store for trusted root certificate authorities.
  • TrustedPeople - X.509 certificate store for directly trusted people and resources.
  • TrustedPublisher - X.509 certificate store for directly trusted publishers.

storeLocation
  You can populate the storeLocation property with one of the following values:
  • CurrentUser - X.509 certificate store used by the current user.
  • LocalMachine - X.509 certificate store assigned to the local machine.

thumbPrint
  This is the thumbprint of the client certificate.

description
  A user-friendly description of the certificate. This information will be displayed in the code editor's intelligent code completion suggestions.

checkValidity
  • true - Even if the thumbprint is found, the API returns the certificate only if the root issuer in the certificate build chain is part of the trusted root certification authorities.
  • false - For development or testing purposes.
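The following is an added example, not FintechOS code: a small Python audit of the registration format and property values described above, flagging entries with an unlisted store, a malformed thumbprint, or checkValidity turned off. The sample web.config fragment, the devCert entry and its thumbprint are constructed, and the handling of the single-quoted form is an assumption.

```python
import json
import re
import xml.etree.ElementTree as ET

PREFIX = "automation-client-certificate-"
STORE_NAMES = {"AddressBook", "AuthRoot", "CertificateAuthority", "Disallowed",
               "My", "Root", "TrustedPeople", "TrustedPublisher"}
STORE_LOCATIONS = {"CurrentUser", "LocalMachine"}
THUMBPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")  # SHA-1 thumbprint: 40 hex characters

# Constructed sample: one clean entry, one hypothetical "devCert" with three problems.
SAMPLE = """<configuration><appSettings>
  <add key="automation-client-certificate-clientCert1" value="{ 'storeName': 'My', 'storeLocation': 'LocalMachine', 'thumbPrint': 'd77621fa50114404a6e5820c6d066b019c13fdd8', 'description': 'Client certificate for Api1', 'checkValidity': true }" />
  <add key="automation-client-certificate-devCert" value="{ &quot;storeName&quot;: &quot;Personal&quot;, &quot;storeLocation&quot;: &quot;LocalMachine&quot;, &quot;thumbPrint&quot;: &quot;\u200e00112233445566778899aabbccddeeff00112233&quot;, &quot;checkValidity&quot;: false }" />
</appSettings></configuration>"""

def parse_value(raw):
    # Assumption: the single-quoted form is JSON with ' in place of ",
    # so it is only converted when the value contains no double quotes.
    if '"' not in raw:
        raw = raw.replace("'", '"')
    cfg = json.loads(raw)
    if not isinstance(cfg, dict):
        raise ValueError("not a JSON object")
    return cfg

def audit_web_config(xml_text):
    """Return {certificate name: [findings]} for each registered client certificate."""
    report = {}
    for add in ET.fromstring(xml_text).iter("add"):
        key = add.get("key", "")
        if not key.startswith(PREFIX):
            continue
        findings = report.setdefault(key[len(PREFIX):], [])
        try:
            cfg = parse_value(add.get("value", ""))
        except ValueError:  # json.JSONDecodeError is a ValueError
            findings.append("value is not a JSON object")
            continue
        if cfg.get("storeName") not in STORE_NAMES:
            findings.append("unknown storeName %r" % cfg.get("storeName"))
        if cfg.get("storeLocation") not in STORE_LOCATIONS:
            findings.append("unknown storeLocation %r" % cfg.get("storeLocation"))
        # fullmatch also rejects invisible characters pasted in with the thumbprint
        if not THUMBPRINT_RE.fullmatch(str(cfg.get("thumbPrint", ""))):
            findings.append("thumbPrint is not 40 hex characters")
        if cfg.get("checkValidity") is False:
            findings.append("checkValidity is false (development or testing only)")
        elif "checkValidity" not in cfg:
            findings.append("checkValidity is not set explicitly")
    return report
```

Calling audit_web_config(SAMPLE) returns an empty findings list for clientCert1 and three findings for devCert.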

Usage in server-side scripts

The automation API supports referencing client certificates and passing them in the httpGet/httpPost functions. For more information, see the Server SDK Reference Guide documentation.

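// Look up the certificate registered as automation-client-certificate-clientCert1
var cert = server.clientCertificates.get('clientCert1');
// Present the certificate on an outgoing GET request
var getResult = httpGet('https://server.com/route1', {}, {
    clientCertificate: cert
});
// Present the same certificate on a POST; myPostData is the request payload defined elsewhere in the script
var postResult = httpPost('https://server.com/route2', myPostData, {
    clientCertificate: cert
});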

In the code editor, the server.clientCertificates.get function provides automatic code completion suggestions for the registered client certificates.