I am a beginner to TLS/Ops.
Our operations team have setup a number of virtual hosts with domains we own for hosting endpoints on our Cloud.
We have 3 virtual hosts-
- internal – to be used internally for integration purposes with the other departments in our organisation like Siebel CRM…
- partner – for organisations with which we do business.
- public – as the name suggests
All communication is over
There is a new partner to whom we(I am a developer) have exposed a new API.
When a developer from their team tries to consume our API with Postman, all he gets is –
Client Certificate is not trusted in this subdomain and/or this endpoint explicitly
Their postman console shows this as seen in the attached image-
In the communication which our OPS team had with the client OPS team, I see that our Ops requested for a CSR file from the client and vice versa.
From the web, I see that a certificate signing request (CSR) is one of the first steps towards getting your own SSL Certificate.
Why would a client need our CSR file and similarly why would our Ops need theirs?