5.3 Certificate Authentication

Clients identify themselves to the gateway with post-quantum (PQ) client certificates.

Main Certificate

The developer certificate is issued by the internal CA.

# Request certificate: generate an ML-DSA-65 key pair (OpenSSL 3.5 or newer)
# and a CSR; the private key in dev.key never leaves the developer's machine
openssl req -new -newkey ml-dsa-65 -keyout dev.key -out dev.csr

# Send CSR (dev.csr) to CA
# After approval: receive dev.crt

Use Certificate

# API call with client certificate
curl --cert dev.crt --key dev.key \
     https://gateway.intern:443/api/v1/dsn/demo/tables

In Applications

using System.Net.Http;
using System.Security.Cryptography.X509Certificates;

// Load the developer certificate plus private key from the PKCS#12 file.
// "password" is a placeholder; read the real one from configuration, not source.
var handler = new HttpClientHandler();
handler.ClientCertificates.Add(
    new X509Certificate2("dev.pfx", "password"));

// The handler presents the certificate during the TLS handshake.
var client = new HttpClient(handler);
var response = await client.GetAsync("https://gateway.intern/api/v1/dsn/demo/tables");

Certificate Validation

The server checks:

  1. Is the certificate valid (not expired)?
  2. Was it signed by our CA?
  3. Is it not revoked (CRL/OCSP)?
  4. Does it have the required extensions?
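The four server-side checks above, expressed as an ASP.NET Core certificate-authentication setup. This is an added example, not code from this page or from the WvdS library; it assumes the Microsoft.AspNetCore.Authentication.Certificate package with the Web SDK's implicit usings, a .NET 9+ runtime whose chain engine can validate ML-DSA signatures, and the placeholder CA file path internal-ca.crt.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Server.Kestrel.Https;

var builder = WebApplication.CreateBuilder(args);

// Placeholder path to the internal CA certificate (assumption, adjust per deployment).
var internalCa = X509CertificateLoader.LoadCertificateFromFile("internal-ca.crt");

// Kestrel must actually demand a client certificate during the TLS handshake.
builder.WebHost.ConfigureKestrel(k => k.ConfigureHttpsDefaults(https =>
    https.ClientCertificateMode = ClientCertificateMode.RequireCertificate));

builder.Services
    .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(options =>
    {
        options.AllowedCertificateTypes = CertificateTypes.Chained;   // no self-signed certs
        options.ValidateValidityPeriod = true;                        // check 1: not expired
        // check 2: the chain must end at our CA, never at a system root store
        options.ChainTrustValidationMode = X509ChainTrustMode.CustomRootTrust;
        options.CustomTrustStore.Add(internalCa);
        // check 3: revocation status via CRL/OCSP
        options.RevocationMode = X509RevocationMode.Online;
        // check 4a: Extended Key Usage must include clientAuth
        options.ValidateCertificateUse = true;
        options.Events = new CertificateAuthenticationEvents
        {
            // check 4b: additionally require the digitalSignature key usage
            OnCertificateValidated = ctx =>
            {
                var ku = ctx.ClientCertificate.Extensions
                            .OfType<X509KeyUsageExtension>().FirstOrDefault();
                if (ku is null || !ku.KeyUsages.HasFlag(X509KeyUsageFlags.DigitalSignature))
                    ctx.Fail("client certificate lacks digitalSignature key usage");
                else
                    ctx.Success();
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Only requests that passed all four checks reach the endpoint.
app.MapGet("/api/v1/dsn/{dsn}/tables", (string dsn) => Results.Ok(new { dsn }))
   .RequireAuthorization();
app.Run();
```

A request that fails any check is answered with 403 by the certificate handler before the endpoint runs, so the gateway's own authorization logic never sees an unverified client.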

PQ-Crypto Library

For programmatic creation and management of PQ certificates see the WvdS.System.Security.Cryptography library:

Last modified: 2026/01/30 at 08:47 AM