Availability gateway: Setting up certificate-based mutual authentication
StarkEx communicates with your application via https, using SSL, to enable mutual authentication. StarkEx uses self-signed certificates, with StarkEx as the certificate authority (CA). You send StarkEx a certificate signing request (CSR), we sign it, and return two files: user.crt and our server.crt.
- Create a configuration file for the availability gateway, with any name, such as user.conf, with the following content:

      [req]
      default_bits = 2048
      prompt = no
      default_md = sha256
      distinguished_name = dn
      [ dn ]
      CN = <public_key>

  Where <public_key> is the Ethereum public key of the committee member, in checksum format.
- Generate the user key for the availability gateway, where <availability_gw_user.key> is the name of the output file with the key:

      $ openssl genrsa -out <availability_gw_user.key> 4096

  This is a private key. Do not share it.
- Generate the certificate request for the availability gateway, where <availability_gw_user.csr> is the name of the output file with the certificate request:

      $ openssl req -new -key <availability_gw_user.key> -out <availability_gw_user.csr> -config user.conf

- Generate the user key for the StarkEx gateway, where <StarkEx_gw_user.key> is the name of the output file with the key:

      $ openssl genrsa -out <StarkEx_gw_user.key> 4096

  This is a private key. Do not share it.
- Generate the certificate request for the StarkEx gateway, where <StarkEx_gw_user.csr> is the name of the output file with the certificate request:

      $ openssl req -new -key <StarkEx_gw_user.key> -out <StarkEx_gw_user.csr>

- Send the CSRs you generated to StarkEx via any communication channel, such as Slack, Telegram, or email.
- StarkWare prepares and sends you two sets of signed certificates named user.crt and server.crt: one set for the availability gateway and one set for the StarkEx gateway.
- Install the certificate files in your environment, along with the user key.
Mutual authentication is now enabled.
Enter the following command:
$ curl --cert user.crt --cacert server.crt --key user.key <StarkEx GW URL>/v2/gateway/is_alive
The StarkEx gateway uses the secure http protocol, so the URL begins with |
You should see a result similar to the following:
GatewayServiceVersion2 is alive!
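
Because the CSRs travel over an ordinary channel such as Slack or email, it is worth checking each one locally before sending it. The script below is an added example, not StarkEx or StarkWare code: it repeats the availability gateway key and CSR steps in a temporary directory and then checks the result. The file names user.key and user.csr, the function names, and the CN value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not StarkEx code. File names and the CN value are constructed.

# gen_csr <dir> <cn>: the page's config, genrsa and req steps, written into <dir>.
gen_csr() (
    umask 077   # the private key is created readable by its owner only
    printf '[req]\ndefault_bits = 2048\nprompt = no\ndefault_md = sha256\n' > "$1/user.conf"
    printf 'distinguished_name = dn\n[ dn ]\nCN = %s\n' "$2" >> "$1/user.conf"
    openssl genrsa -out "$1/user.key" 4096 2>/dev/null &&
    openssl req -new -key "$1/user.key" -out "$1/user.csr" -config "$1/user.conf"
)

# check_csr <key> <csr> <expected_cn>: returns 0 only if every check passes.
check_csr() {
    key=$1; csr=$2; want_cn=$3
    # 1. The CSR's self-signature verifies (the file was not corrupted or altered).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify" >&2; return 1; }
    # 2. It carries a 4096-bit RSA key and a SHA-256 signature, as configured.
    text=$(openssl req -in "$csr" -noout -text)
    printf '%s\n' "$text" | grep -q 'Public-Key: (4096 bit)' ||
        { echo "key is not 4096-bit RSA" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' ||
        { echo "CSR is not signed with SHA-256" >&2; return 1; }
    # 3. The public key in the CSR belongs to this private key file.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "CSR was not made from this key" >&2; return 1; }
    # 4. The CN is exactly the expected value. The comparison is case-sensitive
    #    because checksum format encodes its checksum in the letter case.
    got_cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
             sed -n 's/^ *commonName *= *//p')
    [ "$got_cn" = "$want_cn" ] || { echo "unexpected CN: $got_cn" >&2; return 1; }
    # 5. The private key file grants nothing to group or others.
    case "$(ls -ld "$key")" in
        -r[w-]-------*) ;;
        *) echo "key file is readable by other users" >&2; return 1 ;;
    esac
}

# Demo on constructed input: a throwaway key and a placeholder CN.
dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
cn=0x0000000000000000000000000000000000000001
gen_csr "$dir" "$cn" && check_csr "$dir/user.key" "$dir/user.csr" "$cn" &&
    echo "CSR passes all checks"
```

To check your own files, call check_csr with the key file, the CSR file, and the value you put in CN.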