Skip to main content
mTLS (Mutual TLS) certificates enable mutual authentication between your application and external servers. This feature allows you to use client certificates to authenticate with APIs that require mutual TLS authentication.

Accessing certificate management

To manage your mTLS certificates, go to Company > Security > Certificates. This section lets you manage all certificates associated with your company.
To access the certificates section, you need the settings:company_settings permission.If you do not have access, contact your company administrator.
Full view of the mTLS certificates section showing the list of certificates with their names, expiration dates, and options to mark them as primary

Uploading certificates

To create a new certificate, click the Create button at the top of the certificate list. You can upload certificates in two formats:

Single PEM format

A file containing both the certificate and the private key in PEM format.

Separate CRT + KEY files

  • CRT file: Contains the certificate
  • KEY file: Contains the private key
Make sure the certificates are valid and have not expired before uploading them.
Modal to create a new mTLS certificate with options to upload PEM or CRT + KEY files

Viewing certificates

In the Certificates section you can see all certificates for your company, including:
  • Certificate name
  • Expiration date
  • Whether it is marked as primary

Setting a certificate as primary

This certificate will be automatically selected when you enable mTLS on an API node if you have not manually selected another certificate.
Only one certificate can be marked as primary at a time. If you mark a new certificate as primary, the previous one will automatically lose that status.

Editing certificates

You can edit the name of your existing certificates to identify them more easily. This is useful when you have multiple certificates for different purposes or environments. Click the edit icon (pencil) next to the certificate you want to modify.
Modal to edit the name of an existing mTLS certificate

Deleting certificates

You can delete certificates you no longer need. To delete a certificate, click the delete icon (trash can).
Before deleting a certificate, the system will show you a warning indicating that you must ensure this certificate is not being used in any API node. If you delete a certificate that is in use, it could cause errors in the API calls of your active flows.
Warning when attempting to delete a certificate, indicating that it must be verified as not in use in any API nodes
Confirmation modal to delete an mTLS certificate

Use in API nodes

Once you have certificates loaded, you can use them in the API node by enabling the mTLS certificates option in the Settings section of the node.