Key and certificate signing request creation will be explained using openssl.
Create a private key
openssl genrsa -out client.key 4096
Create a certificate signing request (CSR)
openssl req -new -key client.key -out client.req
The following interactive dialog will be shown. The two values marked red are essential and required for your client certificate!
Provide your CSR to OX
NEVER share your private KEY with anybody and do NOT send it to OX.
OX will issue your certificate and provide it to you.
Is is mandatory to use two different keys and certificates for CI API and for the snapshot service. NEVER use the same key for both services. The unique identifier for the two services is the organizational unit (OU) in your certificate request.