Create an mTLS connection
After you upload a Certificate Authority (CA) certificate in the trust store, you can create a connection in the API Connector that uses mTLS.
Before you begin
- You're signed in as a super admin, Workflows Administrator, or Connection Manager.
- You're signed in to an org in a federal cell.
- You've uploaded at least one CA certificate in the trust store.
- Your P12 files use FIPS-compliant algorithms. Files must use AES-256-CBC encryption and PBMAC1 with PBKDF2 for their MAC integrity check.
Start this task
- On the Connections page of the Workflows Console, click New Connection.
- Select API Connector.
- Enter a name and an optional description.
- Select MTLS from the Auth Type dropdown menu.
- Select the Certificate Authority certificate from the Select certificate authority dropdown menu. This is the certificate from the trust store that the service uses to verify its identity.
- Click Upload file and browse to select the applicable P12 file.
- Enter the password for the file and click Verify. Okta Workflows decrypts the file and extracts the certificate metadata.
- Review the preview certificate details to confirm you've uploaded the correct file.
- Click Create. The button is disabled until verification completes successfully.
The connection is saved and available for use in flows.
The certificate is added to the trust store with an Active status. Click the eye icon to see the certificate's details.
Okta Workflows only accepts PEM-formatted files. If you receive a certificate in another format, convert it to PEM using a tool like OpenSSL before uploading.
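The following added example (not part of Okta's documentation or code) checks a P12 file against the algorithm prerequisite above before you upload it, and shows one way to re-export a file that fails the check. It assumes OpenSSL 3.4 or later; the function names, file names, and sample `-info` text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Okta's code. Function and file names are placeholders.

# Re-export a key and certificate as a P12 matching the stated requirements.
# Assumes OpenSSL 3.4 or later, which introduced -pbmac1_pbkdf2.
make_p12() {  # usage: make_p12 key.pem cert.pem out.p12 (prompts for a password)
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -pbmac1_pbkdf2
}

# Check `openssl pkcs12 -info -noout` text read from stdin.
# Returns 0 only if the MAC is PBMAC1 with PBKDF2 and every encrypted bag
# uses AES-256-CBC. Usage:
#   openssl pkcs12 -in client.p12 -info -noout 2>&1 | check_p12_info
check_p12_info() {
  info=$(cat); rc=0
  printf '%s\n' "$info" | grep -Eiq '^MAC: *PBMAC1.*PBKDF2' ||
    { echo "FAIL: MAC is not PBMAC1 with PBKDF2"; rc=1; }
  bags=$(printf '%s\n' "$info" |
    grep -E '^(PKCS7 Encrypted data|Shrouded Keybag):' || true)
  if [ -z "$bags" ]; then
    echo "FAIL: no encrypted bags found"; rc=1
  elif printf '%s\n' "$bags" | grep -Evq 'PBES2, PBKDF2, AES-256-CBC'; then
    echo "FAIL: a bag is not encrypted with AES-256-CBC"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: matches the stated P12 requirements"; fi
  return "$rc"
}

# Constructed sample output (assumed layout) for a PBMAC1-protected file.
SAMPLE_OK='MAC: PBMAC1 using PBKDF2, Iteration 2048
Key length: 32, Salt length: 8
PBKDF2 PRF: hmacWithSHA256
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# Constructed sample: AES-256-CBC bags, but the older PKCS#12 MAC.
SAMPLE_OLD_MAC='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'
```

A file exported with default options from an older OpenSSL release typically looks like the second sample: the bags are already AES-256-CBC, and only the MAC needs to change.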