> For the complete documentation index, see [llms.txt](https://docs.saleschat.pro/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.saleschat.pro/api-documentation/mutual-tls.md).

# Mutual TLS

Saleschat Mutual TLS allows organizations to configure an additional layer of security for their Saleschat API traffic. \
\
Once configured, API requests should be made to [https://mtls.apis.saleschat.pro](https://mtls.apis.saleschat.pro/) (or [https://mtls.apis.t.saleschat.pro](https://mtls.apis.t.saleschat.pro/) for UAT environment) and traffic will only be accepted if the right API key and client certificate are provided. \
\
mTLS does not apply to the normal TLS domain, [https://apis.saleschat.pro](https://apis.saleschat.pro/) or [https://apis.t.saleschat.pro](https://apis.t.saleschat.pro/).

#### Customer-Owned Certificate Model

Saleschat uses a Bring Your Own Certificate (BYOC) Model.

In this model -

* Enterprise generates and owns the private key.
* Enterprise generates the client certificate.
* Enterprise shares only the public certificate with Saleschat.
* Saleschat registers and trusts the certificate.
* Enterprise uses the private key locally to establish mTLS connections.

{% hint style="warning" %}
The private key must never be shared with Saleschat.
{% endhint %}

#### Certificate Requirements

| Setting             | Recommended Value |
| ------------------- | ----------------- |
| Key Type            | RSA               |
| Key Size            | 2048 or 4096      |
| Signature Algorithm | SHA256            |
| Validity            | 1 year            |

#### How to generate the certificate?

Run this command on a secure machine/server.

```shellscript
openssl genrsa -out saleschat-client.key 2048
```

Generated file will be -

```
saleschat-client.key
```

{% hint style="info" %}
This is a sensitive file. Store it securely, do not share it with Saleschat or anyone outside your organization.
{% endhint %}

Set the permission for the file -

```shellscript
chmod 600 saleschat-client.key
```

Run the following to generate the client certificate -&#x20;

```shellscript
openssl req -x509 -new \
  -key saleschat-client.key \
  -out saleschat-client.crt \
  -days 365 \
  -sha256 \
  -subj "/C=IN/ST=Maharashtra/L=Mumbai/O=${YOUR_COMPANY}/OU=Technology/CN=${YOUR_COMPANY}-saleschat-mtls"
```

{% hint style="info" %}
Subject is optional, and you can replace ${YOUR\_COMPANY} with your company name in format. This has got nothing to do with the client or server domain.
{% endhint %}

Generated file will be -

```
saleschat-client.crt
```

#### How do I setup mTLS integration?

On the settings page, you'll see 'mTLS' tab on the left navigation bar

<figure><img src="/files/3EQ22XOQlQTk3J89xZFb" alt=""><figcaption></figcaption></figure>

Click on the 'Upload Certificate' button.\
\ <img src="/files/RLfaSNUySoABD6OYM5lm" alt="" data-size="original">

You can either upload the X.509 public certificate file, or copy and paste the contents of the file. Click on upload and the certificate would be applicable.\
\
You can then use the [https://mtls.apis.saleschat.pro](https://mtls.apis.saleschat.pro/) (or UAT) domain to make API requests.

#### How to test if the certificate is working?

Use the following CURL to verify if you've configured the certificate correctly

```shellscript
curl -i \
  --cert saleschat-client.crt \
  --key saleschat-client.key \
  "https://mtls.apis.t.saleschat.pro/v4/orgs/<ORG_ID>/mtls/hello"
```

You should `200 OK` response with the following text -

```
HTTP/2 200 
date: Mon, 08 Jun 2026 08:13:55 GMT
content-type: text/plain;charset=ISO-8859-1
content-length: 13

Hello, world!
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.saleschat.pro/api-documentation/mutual-tls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.