POST
/
v1
/
client-certificates
Creates a new client certificate.
curl --request POST \
  --url https://api.checklyhq.com/v1/client-certificates \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '{
  "host": "www.acme.com",
  "cert": "<string>",
  "ca": "<string>",
  "key": "<string>",
  "passphrase": "<string>"
}'
{
  "host": "www.acme.com",
  "cert": "<string>",
  "ca": "<string>",
  "id": "<string>",
  "created_at": "2023-11-07T05:31:56Z"
}

Overview

The Create Client Certificate endpoint allows you to upload new client certificates for use with mutual TLS authentication in your monitoring checks. Certificates enable secure authentication with services requiring certificate-based client verification. Common Use Cases:
  • mTLS Setup
  • Secure Service Monitoring
  • Certificate Deployment
  • Authentication Configuration
Store certificate private keys securely and never expose them in logs or public repositories. Certificates provide authentication credentials for your monitoring checks.
Client certificates must be valid and properly formatted. Ensure certificates are not expired and include necessary intermediate certificates for proper chain validation.

Authorizations

Authorization
string
header
required

The Checkly Public API uses API keys to authenticate requests. You can get the API Key here.

Your API key is like a password: keep it secure!

Authentication to the API is performed using the Bearer auth method in the Authorization header and using the account ID.

For example, set Authorization header while using cURL:

curl -H "Authorization: Bearer [apiKey]" "X-Checkly-Account: [accountId]"

Headers

x-checkly-account
string

Your Checkly account ID, you can find it at https://app.checklyhq.com/settings/account/general

Body

application/json
host
string
required

The host domain for the certificate without https://. You can use wildcards to match domains, e.g. "*.acme.com"

Example:

"www.acme.com"

cert
string
required

The client certificate in PEM format as a string. This string should retain any line breaks, e.g. it should start similar to this "-----BEGIN CERTIFICATE-----\nMIIEnTCCAoWgAwIBAgIJAL+WugL...

ca
string

An optional CA certificate in PEM format as a string.

key
string

The private key in PEM format as a string.

passphrase
string

An optional passphrase for the private key. Your passphrase is stored encrypted at rest.

Response

Created

host
string
required

The host domain for the certificate without https://. You can use wildcards to match domains, e.g. "*.acme.com"

Example:

"www.acme.com"

cert
string
required

The client certificate in PEM format as a string. This string should retain any line breaks, e.g. it should start similar to this "-----BEGIN CERTIFICATE-----\nMIIEnTCCAoWgAwIBAgIJAL+WugL...

id
string
required
ca
string

An optional CA certificate in PEM format as a string.

created_at
string<date-time>