Currently, we created a client certificate and an mTLS rule… it works fantastic!
The issue that we are having is that we need to download the Client Certificate in order to reach it from the Client Server and we aren’t able to do so! (or at least we don’t know how… )
You cannot download the certificate from the dashboard. You’ll have to do so from the API using the /client/v4/zones/<zone_id>/client_certificates endpoint (or pick it up from the network tab in developer tools).
However, the certificate itself is not very useful without the private key. When you create a client certificate in the dashboard, your browser generates the public/private key-pair used for the certificate. This is the only time you can access the private key. The private key is discarded when you navigate away without ever being sent to Cloudflare.
Could you kindly tell me more about this? I can re-create the certificate and revoke the current one but I’d like to know how to do this in detail as this seems like a great answer
The only time you can access the private key is when you create the certificate. If you didn’t save the private key - or you lost it - you have no option but to create a new certificate.
You cannot create a CSR without a private key. That means you had one on the device used to generate the CSR. Using a certificate management tool can make it easier to track the relevant components. I liked XCA from the first time I used it, so I haven’t spent any time looking for alternatives, but it is not the only option.
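The workflow the two answers above describe, as an added shell example (editor's code, not from anyone in this thread): generate the private key and CSR on the client server so the key never leaves it, fetch the certificate list from the `/client/v4/zones/<zone_id>/client_certificates` endpoint mentioned above, and then check that the certificate you got back actually belongs to the key you kept. It assumes the `openssl` and `curl` CLIs and two environment variables, `CF_ZONE_ID` and `CF_API_TOKEN`, which are my names. The throwaway local CA at the bottom is a constructed stand-in so the key-match check can be exercised offline; in real use the certificate comes from Cloudflare.

```shell
#!/bin/sh
# Added example, not code from the thread. Requires the openssl CLI (and curl for step 2).
# WORKDIR, CF_ZONE_ID and CF_API_TOKEN are assumed names.
set -eu

WORKDIR="${WORKDIR:-./mtls-client}"

# 1. Generate the private key and a CSR on the client server itself. The key never
#    leaves this machine; only the CSR (public key + subject) goes to Cloudflare.
make_key_and_csr() {
  mkdir -p "$WORKDIR"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORKDIR/client.key" 2>/dev/null
  chmod 600 "$WORKDIR/client.key"
  openssl req -new -key "$WORKDIR/client.key" \
    -subj "/CN=client-server.example" -out "$WORKDIR/client.csr" 2>/dev/null
  # A CSR is self-signed with the private key: this fails if they do not match.
  openssl req -in "$WORKDIR/client.csr" -noout -verify >/dev/null 2>&1
}

# 2. Fetch the zone's client certificates from the endpoint named in the thread.
#    Needs network access and real credentials, so it is not exercised by the test.
list_client_certificates() {
  curl -sS "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/client_certificates" \
    -H "Authorization: Bearer ${CF_API_TOKEN}" \
    -H "Content-Type: application/json"
}

# 3. Check that a certificate was issued for our key by comparing public keys.
#    Usage: cert_matches_key CERT_PEM KEY_PEM ; exits 0 on match, 1 otherwise.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed stand-in for the Cloudflare-issued certificate: a throwaway local CA
# signs the CSR so the check above can run offline.
issue_with_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORKDIR/ca.key" \
    -out "$WORKDIR/ca.crt" -subj "/CN=test-ca" -days 1 2>/dev/null
  openssl x509 -req -in "$WORKDIR/client.csr" -CA "$WORKDIR/ca.crt" \
    -CAkey "$WORKDIR/ca.key" -CAcreateserial -out "$WORKDIR/client.crt" -days 1 2>/dev/null
}

# A key that was never used for the CSR: what you are left with if you downloaded the
# certificate but lost the original private key. The match check must fail for it.
make_unrelated_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORKDIR/other.key" 2>/dev/null
}

# Offline demo: ./mtls.sh demo
if [ "${1:-}" = "demo" ]; then
  make_key_and_csr
  issue_with_test_ca
  make_unrelated_key
  cert_matches_key "$WORKDIR/client.crt" "$WORKDIR/client.key" && echo "client.key matches client.crt"
  cert_matches_key "$WORKDIR/client.crt" "$WORKDIR/other.key" || echo "other.key does NOT match client.crt"
fi
```

The point of step 3 is the one the answers make: the certificate on its own is just a public key with a signature, so after you pull it from the API, run `cert_matches_key` against the key you generated in step 1. If it fails, you have the certificate but not its key, and the only fix is to generate a new key and CSR and issue a new certificate.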