How to create a Client Certificate set-up

Robert van Boesschoten

Published: 30-10-2019

Last updated: 27-08-2020

Connecting your application with other environments through webservices is a powerful feature. To make sure this is done securely, proper authentication is key.In Betty Blocks, we offer several different way to go about. In this article, let's focus on using Client Certificates as authentication.

Note: This article does not go into acquiring the certificate or any other related business, just the Betty Blocks part.

We'll need to perform the following steps:

  • Create a model + property to store the Client Certificate in.
  • Create a Global Variable to access the certificate.
  • Select the variable in our Configuration.

Create a Model

So, the only way to store a Client Certificate (at the time of writing), is to create a model with a file property. Call the model `Certificate` and the file property `file`.
Set the Public option to `false`, and add the certificate's extension to the property's whitelist. This depends on the certificate you're using, but common examples are `pfx`, `pem`, and `cr`t. We're also adding a Description property, to give it a (unique) text value.

Feel free to add additional properties to distinguish each certificate. This is especially handy when using more than one certificate.

Go back to the Backoffice, turn on Builder Mode (`E`) and generate a grid for the newly created model. Click `+ New` to open the form, and upload the certificate to the file property. Repeat for all certificates you are using. Make sure no unauthorized people have access to, or the ability to alter these records.

Create a Global Variable

Ok, so we've stored our certificate in the application. Now we only have to access and use it in our process! We're doing this through a variable. 

Go down to Tools > Variables, and click `+ New`. As our variable kind, we're picking `Object`, as we'll use the Certificate object we saved earlier.
Give it an appropriate name, fitting the use case. I'll just call it the same as in the Description property: `Docs Certificate`. I'm also using the Description property as my 'identifier'. This means I'll add a filter to the object, where the Certificate object's description needs to be equal to a certain value.

Adjust the filter to your liking, as long as it gets you the Certificate record you need.The variable will then be available to use in a Configuration!

Create a Client Certificate configuration

Head over to Settings > Configurations, and click `+ New`.Enter a fitting name for the configuration and choose `Client Certificate` as kind.This will show a new fieldset, containing input fields relevant for you certificate.

Certificate Type: Choose the Certificate Type, be it `pem` or `pkcs12`.
Certificate File: This is where our previous efforts come in play. Click the blue variable button to open the Variable browser. All Global variables are available, including the object variable(s) with your Client Certificate! Select the one you need and click on the file property.
Certificate Password: Pretty straightforward, but important nonetheless. Enter the password/private key provided when the certificate was issued.

Using the Client Certificate

We're done. We set up all everything we needed to use a Client Certificate, now we just need to actually use it. 

Go to the Webservice of your choice, and choose `Client Certificate` as the Authentication Type option. A new option Authentication appears, allowing you to pick the newly created configuration. Save it, give the webservice a go and see if everything works as expected!

In case it doesn't work right away, try the following steps:

  • Check the certificate's credentials by rebuilding the configuration in e.g. Postman.
  • Turn on debugging for the action to see if the global variable actually contains a record, and if it does, that it's the correct record.
  • Reupload the Client Certificate.
  • Check in with support.
In this tutorial