Operations: Server: How to Generate a Client Certificate
-
You can generate a client certificate using CreateClientCertificateOperation.
-
Learn the rationale needed to properly define client certificates in The RavenDB Security Authorization Approach
Syntax
public CreateClientCertificateOperation(string name,
Dictionary<string, DatabaseAccess> permissions,
SecurityClearance clearance,
string password = null)
// The role assigned to the certificate:
public enum SecurityClearance
{
ClusterAdmin,
ClusterNode,
Operator,
ValidUser
}
// The access level for a 'ValidUser' security clearance:
public enum DatabaseAccess
{
Read,
ReadWrite,
Admin
}
| Parameters | ||
|---|---|---|
| name | string | Name of a certificate |
| permissions | Dictionary<string, DatabaseAccess> | Dictionary mapping databases to access level |
| clearance | SecurityClearance | Access level |
| password | string | Optional certificate password, default: no password |
| Return Value | |
|---|---|
| RawData | client certificate raw data |
Example I
// With the security clearance set to Cluster Administrator or Operator,
// the user of this certificate will have access to all databases
CreateClientCertificateOperation operation =
new CreateClientCertificateOperation(
"admin", null, SecurityClearance.Operator);
CertificateRawData certificateRawData =
store.Maintenance.Server.Send(operation);
byte[] cert = certificateRawData.RawData;
Example II
// When the security clearance is ValidUser, you must specify an access level for each database
CreateClientCertificateOperation operation =
new CreateClientCertificateOperation(
"user1", new Dictionary<string, DatabaseAccess>
{
{ "Northwind", DatabaseAccess.Admin }
}, SecurityClearance.ValidUser, "myPassword");
CertificateRawData certificateRawData =
store.Maintenance.Server.Send(operation);
byte[] cert = certificateRawData.RawData;