# Certificate Store

## Certificate Store

Astera provides users with a certificate store, enabling them to perform essential tasks such as importing, exporting, and generating certificates for various purposes, enhancing security and authentication in the API request using mutual TLS, and providing encrypted communication and data transfers.

1. Right-click on the *Default cluster* node in the Server Explorer and select *Certificate Store* from the context menu.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2Fi1ZfyfxN119LHlN2L3l4%2Fimage.png?alt=media&#x26;token=91027069-25e9-4640-879d-6af462bfe3dd" alt=""><figcaption></figcaption></figure>

This will open a new window.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2Fyayj1XQXKUrE9qvNRAfV%2F02-Store-Window.PNG?alt=media&#x26;token=841a23b1-eec4-4997-815d-194ba089451d" alt=""><figcaption></figcaption></figure>

### Importing a Certificate

1. To import a certificate, select its icon.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FBLFlSJZVzHgcZk6LkLrf%2F03-Import.PNG?alt=media&#x26;token=d68053c5-99ef-42c1-9d36-5b7998a78055" alt=""><figcaption></figcaption></figure>

This will open a new window.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FvoJjNieuT5srHNWyhZ9t%2F04-Import-Options.PNG?alt=media&#x26;token=e969eb37-2205-41c2-b064-12051d8cecbb" alt=""><figcaption></figcaption></figure>

*Client Certificate Type:* This option lets you select whether the certificate extension is a Pem file or a Pfx file.

*Domain:* The domain on which the certificate is to be used when making a connection.

*Certificate File:* The file path of the certificate to be imported.

*Key File:* The key file for the certificate which is used for authentication.

{% hint style="info" %}
**Note:** In the case of a .pfx file, a *Password* field will be required instead of a *Key File* field.
{% endhint %}

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FnIq7XFVq2fCWfTT2Kwr8%2F05-Password.PNG?alt=media&#x26;token=05b95442-864c-444e-9985-73963d221bce" alt=""><figcaption></figcaption></figure>

*Password:* This is where we enter the password for our Pfx Certificate for authentication.

2. For our use case, we have imported a certificate from the Astera domain.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FPw65m9kDn61k4jIusZhd%2F06-Import-Certificate.PNG?alt=media&#x26;token=7bd9d063-8416-4333-bb96-3f6455cf7878" alt=""><figcaption></figcaption></figure>

### Generating a Certificate

1. To start, select the *Generate New Certificate* option.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FkoHvkqqdzwgpfOCGmVcG%2F07-Generate.PNG?alt=media&#x26;token=588dfe3f-8914-4557-808f-efa9e7f704f8" alt=""><figcaption></figcaption></figure>

This will open a new window.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FGyvNsvW3FrYTUErtjMSQ%2F08-Window.PNG?alt=media&#x26;token=7bccba68-06e1-4f3a-8690-3e873401990e" alt=""><figcaption></figcaption></figure>

*Domain/Certificate:* The domain on which the certificate will be based.

*Common Name:* The name of the certificate.

*Organization Name:* The name of the organization to which the certificate belongs.

*File Name:* The file name of the certificate.

*Password:* The password for the new certificate.

*Signature Algorithm:* The algorithm on which the certificate will use the signature.

*Validity Period:* The expiry date of the certificate, in years.

*Key Size:* The size of the key for the certificate.

{% hint style="info" %}
**Note**: For *Signature Algorithms SHA384* and *SHA512,* the minimum possible key size is 1024.
{% endhint %}

2. For our use case, we have made the following certificate.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FULbCBDlYE0O6br1bICZE%2F09-Created-Certificate.PNG?alt=media&#x26;token=d80473dd-39c6-4706-b7e3-7121dac2c790" alt=""><figcaption></figcaption></figure>

Selecting *Generate* will create the new certificate.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FGzmb09FUUXu00TV3c08r%2F10-generated.PNG?alt=media&#x26;token=db8276a0-5c9e-4ce6-b320-9c5ace8f1632" alt=""><figcaption></figcaption></figure>

### Exporting a Certificate

1. To export the above-generated certificate, select the *Export Selected Certificate* option.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FMhF0UeTZrcvbLOGii8U3%2F11-Export.PNG?alt=media&#x26;token=511ec710-1f5d-4964-916b-0d473ac70837" alt=""><figcaption></figcaption></figure>

2. Select the destination folder and the certificate will be exported.

The certificate can then be used elsewhere.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FiT0RCfGhBAdTDPlb4Aca%2F12-Exported.PNG?alt=media&#x26;token=f4a847f5-4efd-4948-8da3-fa9511df1b6e" alt=""><figcaption></figcaption></figure>

### Partner Certificates

Astera allows the user to import certificates as a client.

1. Select the *Partner Certificates* tab and select *Import New Certificate*.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FINK03C2XKyMxR1UhwPRQ%2F13-Partner.PNG?alt=media&#x26;token=2f22be9a-6e42-4cb4-8632-69c50909fd27" alt=""><figcaption></figcaption></figure>

This will open a new window.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FBi2yitFSiNLMmwAQ5xiN%2F14-Open.PNG?alt=media&#x26;token=f6f0f28f-31e2-41d7-96f0-e857fa5f36a9" alt=""><figcaption></figcaption></figure>

*Certificate Name:* This is where the name of the certificate is used.

*Certificate File:* The file path to the certificate that is to be imported.

2. Selecting *Import* will Import the certificate.

<figure><img src="https://3083465318-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsR50Wa7EwZGlmPSAMkkf%2Fuploads%2FIZjrnEpspJuelY8i33s3%2F15-Imported.PNG?alt=media&#x26;token=282b1827-b387-48cb-8d63-95d4ba21c9a5" alt=""><figcaption></figcaption></figure>

This concludes the working of the Certificate Store in Astera.