POST
https://Use API Lookup for a base URL/realms//mtlsIdentityProviders
Create an mTLS Identity Provider and define the Certificate Authority.
- The provided Certificate Authority will be installed as a trusted mTLS Identity Provider and bound to the given realm.
- A single Certificate Authority can be bound to one and only one realm at any one point in time.
- Certificates issued by the Certificate Authority can be used to authenticate identities in the realm via the /mtls/token endpoint.
Certificate Revocation:
- If the provided Certificate Authority contains a CRL Distribution Point URL, this URL will be used to periodically retrieve revoked certificates and prevent such certificates from authenticating to the platform.
- If the provided Certificate Authority contains an OCSP responder URL, this URL will be used to check the status of individual certificates to determine if they are revoked.
- The delay between a certificate being revoked by the Certificate Authority and that revoked certificate being denied by an mTLS Authenticator in the platform is not defined by this specification.
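
An added example, not part of the platform's documentation or API: a Go check that reads a CA certificate before it is registered and lists the CRL Distribution Point and OCSP responder URLs it contains, since per the list above those are what the platform uses for revocation. The function names, the constructed throwaway CA and the `example.test` URLs are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// InspectCA returns the CRL Distribution Point and OCSP responder URLs in a PEM CA certificate.
func InspectCA(pemBytes []byte) (crl, ocsp []string, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, nil, errors.New("no PEM CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, nil, err
	}
	if !cert.IsCA {
		return nil, nil, errors.New("certificate is not a CA (basicConstraints CA flag unset)")
	}
	return cert.CRLDistributionPoints, cert.OCSPServer, nil
}

// SampleCA builds a constructed, throwaway self-signed CA carrying the given URLs.
func SampleCA(crl, ocsp []string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Example CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, CRLDistributionPoints: crl, OCSPServer: ocsp,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err) // sample construction only
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(InspectCA(SampleCA([]string{"http://crl.example.test/ca.crl"}, nil)))
}
```

A CA for which both returned lists are empty contains neither of the URLs the revocation rules above rely on.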
NOTE: A maximum of 10 mTLS Identity Providers can be created per realm.
Access Control:
- The calling principal must have "manageMtlsIdentityProviders" action permission for the resource "{realm}" in the "account" service.
- The calling principal MUST NOT include a project scope.