Getting a TLS Certificate for OpenADR
In line with the openADR specification, Voltus uses mutual TLS (mTLS) for authentication and authorization. mTLS requires you to send a certificate signed by Voltus alongside every request. This document outlines the steps to receiving one of these certificates. It assumes you know the basics of mTLS, and of openADR.
Certificates signed by Voltus will have a maximum TTL of 365 days. If you need to rotate credentials for any reason before that period, send an email to api-support@voltus.co. Voltus may also reach out and require you to rotate credentials before your certificates expire.
Step 1: Generate a certificate signing request (CSR)
Voltus will require an x.509 Certificate Signing Request. If you are unsure how to generate a CSR, you should reach out to IT staff or your infrastructure team for further assistance.
The CSR should fulfill the following requirements:
- The CSR should be generated using the key-pair you use for the domain the request will be made from.
- The Common Name should be of the format
name_of_ven@openadr.voltus.co, wherename_of_venis the name of the VEN the certificate will be used for. You should use one of X Y Z hashing algorithms during their creation
Step 2: Send us your CSR
Send an email to api-support@voltus.co with headline ‘Certificate Signing Request’ with the CSR attached. Once we’ve verified the CSR fits our requirements, we will send you an email with an encrypted password-protected zip file and a one-time link containing the password.
Step 3: Use your Certificate
Deploy your VEN with the newly created certificate and ensure that requests are returning 2XX status codes. If you are cycling credentials, we recommend you keep the existing deployment running until you can verify the new certificates can be used by your VEN. Send us an email when the old credentials can be safely de-activated.