Trusted CA
This authentication method allows clients possessing an X.509 certificate (signed by a CA that is trusted by the
Wallet API) to access wallet accounts by signing JWTs themselves. In this process, clients should populate the x5c
header appropriately. The Wallet API is set up with a list of trusted CA certificates, which are specified in the
trusted-ca.conf file (see the example below). Those certificates should be JSON-stringified PEM X.509 certificates.
Client certificates are then verified for validity and trustworthiness against this list.
List of trusted PEM-encoded X.509 certificates:
certificates = [
"-----BEGIN CERTIFICATE-----\nMIIFAzCCAuugAwIBAgIUZAcmlp6i2cSlvcb2nJ3jAdOMxb0wDQYJKoZIhvcNAQEL\nBQAwETEPMA0GA1UEAwwGUm9vdENBMB4XDTI0MDgyODEzMDAzM1oXDTM0MDgyNjEz\nMDAzM1owETEPMA0GA1UEAwwGUm9vdENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\nMIICCgKCAgEAqb8OySEhtQaE8ocqiZ3jhFd4iClK0PNvbw1SRZvoOplvrRzuHWJI\nBq6IunC/VUWXRhwovW6EJ2D8SUxzzz2u32nMHdDpP9uhAth/y134n6FmU8W8Z7aD\nvY6ySi6W/wXGmUcPYpde3nGCLkxwCkyRvZBIXJqClHoMvSMSd/m3FE2qOfIbp5M4\n8kUzwGPie1TBwQ+p9yMRrsZBqZbRyZe/5d1CilhpcuMCVU1rsNrO50YlJuihh0qn\nNmi47KLHUlK5PiWbJiUA5rd8Z66Ml5wVQee++HCLF90FwQNr4/gCjz6DBM2AydkH\nj8YAaET7So/0bfd1WyJhp0YRt+U/4TNk+sop8cy617QqRrcFWpxJvxlgbeOn8kvX\n/Kih1g/mUilpXDY9Snw7NIPDz4vdCgCpcYxfne90QDDmdVX9yggHoS+NgrY/EBV4\nrprxQKA1mS5U2fZRsQAJ5DDLZv8DXebsK1fIuIT9WYRGZBaBvw9tnzh6GrRtry8m\n9fLzZYspJfOkYkH7V3mhFwZTbRa3ANyHDmPOtR5BO8CHBVDEzHQKPFyCpVEUTueZ\nDq7poT5dCjnPJ6xvaf1c0In7tBNux/0QB8WZVLmZVnpJ8toxBfbnYvF5yqcZk30r\nYPX1ZDgpqDC66cACOGefV3J4BIpd98QlvkZzbDg971zB6VN08Q8TIHsCAwEAAaNT\nMFEwHQYDVR0OBBYEFFIr4DuYd4k8QO/07x2usuvveLYxMB8GA1UdIwQYMBaAFFIr\n4DuYd4k8QO/07x2usuvveLYxMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\nBQADggIBABwWbzbdtPDym52T7/bnNgvxGWylcKP9tpsEWWRGIcQi4Y6Xvrn/+NFj\n/vwjhm9q7k/9ks76TRXYf3DOppCFd80tj1AZPjB3zlWMzVvh74AhDgtn/Q7tuo0Z\nQqSwu05JQt8HW6IeW0cl8UwGtZoKYiJnVEuOK9aFhUdFzu9DSRlpY/h5jI7vkJCr\nIoHy4XD9OPYpRIQ+EpomZqUxBZZ/BfvAPJqHVaPtI7j9lDuTE5PoHAKYN6KZrVGU\n992K/5Q+wwHiddskQpoRJPK24HdXVcIsoIyHhk1PZqtuTIHRSOY3AoLJCHRhu3gj\nZiHBS1Ui7kDcbOpDi4lrfwONvkY3cOeaIpEhZBC7y1bT2Ln8Bpnjz1cbsIGLuHMu\nCRfdFu2cPFajwAZUh+72OoITpn+PkSPO0iTTi8dBAcfKlKdzr+0CsDK7U38So35X\nd6OBu3sDiZhE7LkYd4A329f+z1pc9CSd9COcmmBPE1EGDxIt0qKfBw4/xWRbd4GZ\nEq7IcjznzKs0KALjdbns+pmr1j+TwGtHSymF8t8Y1rHv3dTBdAN3BejPlsc2IL60\nwDo2ZnKpE1IFs6ae/JhY4Y5+5iv9Rc3d23/SVN4HygwVZx8c1/PqJ0XZMH5O2t4K\nFVH0vHAZqlS+fs2BBahpPupnhbvmNfzR9N43VG69nlcUDBgkMoFz\n-----END CERTIFICATE-----\n"
]
Example to convert an X.509 certificate:
jq -sR . root-ca1-cert.pem
Here, root-ca1-cert.pem refers to the filename.
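The two encodings described above are easy to mix up, so the following added example (not code from the Wallet API project) derives both from PEM input: the x5c header value and the JSON-stringified entry for trusted-ca.conf. It assumes x5c follows RFC 7515 section 4.1.6 (standard base64 of the DER, signing certificate first); the function names and the placeholder "certificate" bytes are constructed for illustration.

```python
import base64
import json
import re

# Matches any PEM block; the label is checked separately so a non-certificate
# block (e.g. a private key in a combined file) is rejected, not silently skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate in pem_text, in file order."""
    ders = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            raise ValueError(f"refusing PEM block of type {label!r}")
        # validate=True rejects stray characters instead of dropping them.
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders

def build_x5c(chain_pem):
    """x5c value: standard base64 (not base64url) of each DER certificate.
    chain_pem must list the signing (leaf) certificate first."""
    return [base64.b64encode(d).decode("ascii") for d in pem_to_der_list(chain_pem)]

def conf_entry(ca_pem):
    """JSON-stringified PEM for trusted-ca.conf, same output as `jq -sR .`."""
    pem_to_der_list(ca_pem)  # fail early on a malformed or non-certificate file
    return json.dumps(ca_pem)

def fake_pem(der):
    """Wrap constructed bytes as a PEM block (sample input, not a real cert)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

LEAF_DER = bytes(range(256)) * 2   # constructed placeholder bytes
CA_DER = b"\xfb\xff\xfe" * 40      # constructed; encodes to '+' and '/' characters

if __name__ == "__main__":
    chain = fake_pem(LEAF_DER) + fake_pem(CA_DER)
    print(json.dumps({"x5c": build_x5c(chain)})[:80], "...")
    print("certificates = [\n  " + conf_entry(fake_pem(CA_DER)) + "\n]")
```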