Certificate Authorities

Certificate Authorities (CAs) are used to sign mTLS client certificates, enabling mutual TLS authentication for your plans.

When mTLS is configured on a plan, the gateway validates incoming client certificates against the trusted CAs defined here. Only clients presenting a certificate signed by a registered CA will be granted access.

Add Certificate Authority

1. Navigate to Certificate Authorities
2. Click New Certificate Authority
3. Enter the Name of the certificate authority
4. Optionally enter a Description
5. Select a Provider Type:
   • LOCAL
   • AWS ACM PCA
     • Enter the CA ARN
6. Click Create

Delete Certificate Authority

1. Navigate to Certificate Authorities
2. Select the certificate authority to remove
3. Click Delete → Delete

Warning

Deleting a Certificate Authority will break mTLS authentication for any plan that relies on it. Ensure no active plans reference this CA before deleting.