# Availability gateway: Setting up certificate-based mutual authentication

StarkEx communicates with your application via https, using SSL, to enable mutual authentication. StarkEx uses self-signed certificates, with StarkEx as the certificate authority (CA). You send StarkEx a certificate signing request (CSR), we sign it, and return two files: `user.crt` and our `server.crt`.

Procedure
1. Create a configuration file for the availability gateway, with any name, such as `user.conf`, with the following content:

``````[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[ dn ]
CN = <public_key>``````

Where `<public_key>` is the Ethereum public key of the committee member, in checksum format.

2. Generate the user key for the availability gateway, where `<availability_gw_user.key>` is the name of the output file with the key:

``$openssl genrsa -out <availability_gw_user.key> 4096``  This is a private key. Do not share it. 3. Generate the certificate request for the availability gateway, where `<user.csr>` is the name of the output file with the certificate request: ``$ openssl req -new -key <availability_gw_user.key> -out <availability_gw_user.csr> -config user.conf``
4. Generate the user key for the StarkEx gateway, where `<StarkEx_gw_user.key>` is the name of the output file with the key:

``$openssl genrsa -out <StarkEx_gw_user.key> 4096``  This is a private key. Do not share it. 5. Generate the certificate request for the StarkEx gateway, where `<StarkEx_gw_user.csr>` is the name of the output file with the certificate request: ``$ openssl req -new -key <StarkEx_gw_user.key> -out <StarkEx_gw_user.csr>``
6. Send the CSRs you generated to StarkEx via any communication channel, such as Slack, Telegram, or email.

7. StarkWare prepares and sends you two sets of signed certificates named `user.crt` and `server.crt`: One set for the availability gateway and one set for the StarkEx gateway.

8. Install the certificate files in your enviroment, along with the user key.

Mutual authentication is now enabled.

Verifying certificate-based mutual authentication

Enter the following command:

``\$ curl --cert user.crt --cacert server.crt --key user.key <StarkEx GW URL>/v2/gateway/is_alive``
 The StarkEx gateway uses the secure http protocol, so the URL begins with `https`.

You should see a result similar to the following:

`GatewayServiceVersion2 is alive!`