Trusted CA

This authentication method allows clients that hold an X.509 certificate, signed by a CA that the Wallet API trusts, to access wallet accounts by signing JWTs themselves. In this process, clients should populate the x5c header appropriately. The Wallet API is set up with a list of trusted CA certificates, which are specified in the trusted-ca.conf file (see the example below). Those certificates should be JSON-stringified PEM X.509 certificates.
Client certificates are then verified for validity and trustworthiness against this list.

List of trusted PEM-encoded X.509 certificates:

certificates = [
"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"
]

Example: converting an X.509 certificate to a JSON string

jq -sR . root-ca1-cert.pem

Here, root-ca1-cert.pem is the filename of the PEM certificate to convert.
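As an added example (not part of the Wallet API documentation or code), the Python sketch below performs the same JSON stringification as the jq command, renders a certificates list for trusted-ca.conf, and derives the x5c values a client would place in its JWT header. All function names, the ES256 algorithm and the sample bytes are assumptions; the sample is constructed filler, not a real certificate.

```python
import base64
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    ders = [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(pem_text)]
    if not ders:
        raise ValueError("no PEM CERTIFICATE block found")
    return ders

def conf_entry(pem_text):
    """JSON-stringify one PEM file, equivalent to `jq -sR . file.pem`."""
    pem_to_der(pem_text)  # refuse input that is not a PEM certificate
    return json.dumps(pem_text)

def trusted_ca_conf(pem_texts):
    """Render the `certificates = [...]` list for trusted-ca.conf."""
    body = ",\n".join("  " + conf_entry(p) for p in pem_texts)
    return "certificates = [\n" + body + "\n]\n"

def x5c_values(chain_pem):
    """x5c entries: standard (not URL-safe) base64 of each DER certificate,
    client certificate first (RFC 7515, section 4.1.6)."""
    return [base64.b64encode(d).decode("ascii") for d in pem_to_der(chain_pem)]

def make_pem(der):
    """Wrap bytes in PEM armor with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample: filler bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(100))
SAMPLE_PEM = make_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(trusted_ca_conf([SAMPLE_PEM]), end="")
    # alg is an assumption; use the algorithm matching the client's key.
    print(json.dumps({"alg": "ES256", "typ": "JWT", "x5c": x5c_values(SAMPLE_PEM)}))
```

The x5c entries use standard base64 with padding, unlike the base64url encoding used for the JWT segments themselves, so the PEM body can be reused once its line breaks are removed.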

Last updated on November 21, 2024