SSL - Client Authentication Certificate

What is it?

The Client Authentication Certificate is a digital certificate used to authenticate a user, device, or application safely to a server when accessing protected services. This certificate enables the implementation of mutual TLS (mTLS), which is a secure communication channel in which both the client and the server prove their identities through robust cryptographic mechanisms. It is the ideal solution for environments requiring strong authentication, advanced access control, and end-to-end security.

Main use cases

The most common scenarios where SSL Client Certificates are used include: 

  • Access to GME services (Gestore dei Mercati Energetici): Many GME services require client certificates to authenticate users and systems accessing the Electricity and Gas Market platforms. 
  • Authentication of users or systems in proprietary environments. 
  • Access to: Internal company portals, intranets, management consoles, identity & access management services. 
  • Authentication of applications and APIs via mTLS: Server-to-server communications, microservices, containerized applications, B2B integrations.
     

Technical features

Enables TLS Client Authentication – strong authentication based on X.509 certificates. 

  • Support for mTLS on HTTPS servers. 
  • Can attest to a personal or organizational identity. 
  • Compatible with major browsers, operating systems, and application servers. 
  • Issued by a CA included in the Italian Trust Service List (according to eIDAS regulation).
     

Issuance requirements

The following are required for issuance:

  • A CSR (Certificate Signing Request) generated on the client’s device or system.
  • Organization data (for organizational certificates).
  • User identification (for personal certificates).

Issuance process

  1. Access the Actalis portal.
  2. Choose the SSL Client Certificate service.
  3. Fill out the form with the required data.
  4. Download the form and digitally sign it, and attach a copy of your ID if the form is instead signed with a handwritten signature.
  5. Send it for verification.
  6. Our enrollment center will validate the data and contact you to request the CSR and proceed with certificate issuance.
  7. Once the certificate is issued, you will see it in the customer area.

Validity

You can choose a duration of 1, 2, or 3 years.

Important notes

  • This certificate cannot also be used as an SSL/TLS certificate for web servers (for this purpose, you can order a certificate for SSL/TLS Server). 
  • It does not enable channel encryption (which depends only on the SSL/TLS server certificate).
     

Help us improve