7 TLS Certificate Management

IDX requires 2 TLS certificates to support non-repudiation and certificate rollover. Participants must designate one certificate as Primary and one as Secondary, with only one certificate assigned to each role at any time.

Both certificates must be TLS certificates signed by AEMO (Australian Energy Market Operator) and issued under the AEMO-RCA-G2 root.

7.1 Prerequisites

Before assigning primary and secondary flags to TLS certificates, you need:

    • Certificates that are visible under the Participant’s certificate inventory in the Markets Portal.

7.2 Nominate primary and secondary TLS certificates

For this release, participants must request AEMO to set their certificates as primary or secondary certificates. Participants can self-manage certificate flags in a subsequent release.

To nominate primary and secondary TLS Certificates for IDX:

  1. Log in to the AEMO Markets Portal using your participant credentials and navigate to TLS Certificate Management.
  2. Choose 2 valid AEMO-signed TLS client certificates available for IDX use in the pre-production or production environment, where one is:
    1. Primary - the certificate intended for active IDX connectivity.
    2. Secondary - the certificate intended for contingency.
  3. Submit an AEMO Support Hub request to assign Primary and Secondary TLS certificates for IDX. Provide the following details:
    • Your Participant ID.
    • The IDX environment (pre-production or production).
    • The primary certificate common name (CN) and serial number.
    • The secondary certificate CN and serial number.
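
A pre-submission check for the two certificates chosen in step 2, written as an added example (not AEMO tooling and not part of the original page): it uses the `openssl` CLI to confirm both files are unexpired, chain to a CA bundle, and are two different certificates, then prints each CN and serial number for the Support Hub request. The file paths are supplied by the caller, and the CA bundle is assumed to contain the AEMO-RCA-G2 root plus any intermediates.

```shell
#!/bin/sh
# Added example, not AEMO tooling. Paths are supplied by the caller; the CA
# bundle is assumed to hold the AEMO-RCA-G2 root plus any intermediates.

# Print "CN|SERIAL" (serial in hex, as openssl reports it) for a PEM certificate.
cert_cn_serial() {
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    serial=$(openssl x509 -in "$1" -noout -serial | cut -d= -f2)
    printf '%s|%s\n' "$cn" "$serial"
}

# usage: check_idx_pair CA_BUNDLE_PEM PRIMARY_PEM SECONDARY_PEM
# Succeeds only if both certificates are unexpired, chain to the bundle, and
# are two different certificates; then prints the details for the request.
check_idx_pair() {
    ca=$1; primary=$2; secondary=$3
    for cert in "$primary" "$secondary"; do
        openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo "FAIL: $cert is expired or unreadable" >&2; return 1; }
        # -no-CApath: trust only the supplied bundle, not the system store.
        openssl verify -no-CApath -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
            { echo "FAIL: $cert does not chain to $ca" >&2; return 1; }
    done
    p=$(cert_cn_serial "$primary")
    s=$(cert_cn_serial "$secondary")
    [ "${p#*|}" != "${s#*|}" ] ||
        { echo "FAIL: primary and secondary are the same certificate" >&2; return 1; }
    echo "Primary:   CN=${p%%|*} serial=${p#*|}"
    echo "Secondary: CN=${s%%|*} serial=${s#*|}"
}

# Run the check when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    check_idx_pair "$@"
fi
```

The serial number is printed in hexadecimal, which is how `openssl` reports it.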