Certificates
The certificates screen allows the user to manage all the certificates used in Extension Kit.
The screen lists the certificates that are currently added to the tenant, showing the following data: Name, issuer, valid from date, expiration date and user that added it. They can also be deleted by using the delete icon.
NOTE: Only users with Owner and Contributor roles can manage certificates.
Add new certificates
New certificates can be loaded using the New certificate button. This will enable a modal that allows the user to load a certificate either by using drag & drop or browsing the file.
The supported certificates file formats are:
.cer.pem.pfx.p12
A name for the certificate must be provided. Additionally, for .pfx and .p12 certificates a password must also be provided and must match the certificate's one.
As per definition a .pem file format can contain one or more certificates, along with a private key. Please note that Extension Kit supports only .pem file format certificates with a single certificate.
NOTE: Extension Kit does not allow .pem files with multiple certificates and/or private key.
NOTE Extension Kit Private Certificates are stored in Microsoft Azure Key Vaults. Please refer to the documentation available here for the supported key length and types ("RSA" and "EC").
Edit certificates
Certificates that are already created can be modified using the context menu in certificates' table. There are two possible options for edition:
- Rename: The certificate's name can be modified in the pop-up. Once changes are saved the new name will appear in certificates' table and will be also modified in HTTP requests' certificate menu.
- Edit certificate: In this pop-up all the certificate's setup can be modified. The name can be changed and also a new file and password can be added. Changes will be applied both in the certificates' table and in the HTTP requests' certificate menu.
NOTE: The provided certificate data will replace the previous one.
It is not possible to change a certificate already created as a public certificate (with a .ceror .pem extension, and therefore without an associated password) to a private one (.pfx or .p12) and vice versa.