# Access to DigiCert Trusted Root Authority Certificates source: https://developer.mastercard.com/mdes-pre-digitization/documentation/api-basics/entrust/index.md ## Access to DigiCert Trusted Root Authority Certificates {#access-to-digicert-trusted-root-authority-certificates} Mastercard will need to establish a mutual TLS connection with your Internet-facing appliance to initiate outbound web service calls to your previously designated endpoint. For you to validate the Mastercard API Gateway Client certificate (when presented), you will need to ensure your Internet appliance has access to a trustore containing the DigiCert Trusted Root Authority Certificates (which is the CA chain that issued the Mastercard API Gateway Client certificate). Should you need to obtain this CA Chain, you may download it from the DigiCert website [DigiCert Trusted Root Authority Certificates](https://www.digicert.com/kb/digicert-root-certificates.htm#roots:~:text=0C%3AF5%3ABD%3A06%3A2B%3A56%3A02%3AF4%3A7A%3AB8%3A50%3A2C%3A23%3ACC%3AF0%3A66) and import it into the appropriate trustore. If your middleware configuration relies on the CA Trust method and DN validation for authentication. If you are accessing the Digicert site from the appliance containing the trustore and you wish to install the certificates, you may simply download the certificates: 1. Download DigiCert from the [DigiCert Trusted Root Authority Certificates](https://www.digicert.com/kb/digicert-root-certificates.htm#roots:~:text=0C%3AF5%3ABD%3A06%3A2B%3A56%3A02%3AF4%3A7A%3AB8%3A50%3A2C%3A23%3ACC%3AF0%3A66). 2. Add **DigiCert Assured ID Client CA G2** to the respective trust stores. 3. Trust the DigiCert CA. Or if you are accessing the Digicert site from a PC or server not connected to the intended trustore and simply want to download the certificates, you may: 1. Click **Download** to download your certificate. 2. Click **Save** and select the Save Target As... option. 3. Navigate to the directory to which you wish to save the certificate. 4. Click **Save**. Note: Self-signed customer certificates will not be allowed by Mastercard, when setting up the secure connection that pre-digitization requires. Customer middleware configuration requires end-entity certificates be locally stored or if the configuration implements non-standard validation mechanisms, such as certificate pinning, please contact [Digital Support](mailto:digital.support@mastercard.com).