TLS certificates

A TLS certificate that is used to connect to AEMO Australian Energy Market Operator MTLS-authenticated systems must be trusted by AEMO. AEMO is the Certificate Authority (CA) and issues TLS certificates from its Public Key Infrastructure (PKI). As such, AEMO must sign and issue all client TLS certificates.

Client certificates are valid for 3 years and issued with a 2048 bits RSA public key and SHA-2 algorithm.

Support for key usages in a single X.509v3 certificate:

• Digital Signature

• Server Authentication (1.3.6.1.5.5.7.3.1)

• Client Authentication (1.3.6.1.5.5.7.3.2)

A different certificate is required to connect to each environment - pre-production and production.