Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Introduction

The CoreOne Suite consists of multiple distributed services. To communicate between the services and to the end-user and to sign various things like tokens, certificates are used. So whenever you are planning on distributing a new service or a new installation, you will need to have some certificates ready. This page gives you an overview on the requirements.

For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a seperate separate certificate is required per server, which supports “Server Authentication” and “ Client “Client Authentication”. In addition, the corresponding public certificate must be available on the other side.

A full overview of all communication channels, ports and more check the page Connectivity (Network ports, protocols and certificates)

Nb.

Communication FROM - TO

Public / Internal

Notes and Remarks

1

COS-WEB <-> Device

Public

SSL Certificate for UI of Web-Services

2

COS-PORTAL <-> Device

Public

SSL Certificate for UI of SelfService Portal

3

COS-AUTH <-> Device

Public

SSL Certificate for OpenID and Authentication

4

COS Token Signing

Public

Certificate for Token signing

5

COS-WEB <-> COS-APP

Internal

SSL Certificate for Communcation of APP-Services

6

COS-APP <-> COS-RT

Internal

SSL Certificate for Communcation of RT-Services

7

COS-RT <-> COS-SC

Internal

SSL Certificate for Communcation of SC-Services

8

COS-WFE <-> COS-APP

Internal

SSL Certificate for Communcation of Workflow S.

...

9

COS-WFE <-> COS-AUTH

Internal

SSL Certificate for Communcation of Workflow S.

https://lucid.app/lucidchart/00160333-04a9-4d01-b436-7100d5f1fd6f/view?page=0_0&invitationId=inv_97d54472-2c7d-48b0-8ab6-00aa34c50b2c#

Here is an example of generally needed certificates

URL

Service

Certificate

Subject Alternativ Name

https://

demo

iam.

itsense

customer.

ch

net

CoreOne

Suite

Web Services

CoreOne

Suite

Web Services

demo

iam.

itsense

customer.

ch oder *itsense.ch

net or *.customer.net

https://

openid

auth.

itsense

customer.

ch

net

CoreOne

Suite Auth

Authentication Services

CoreOne

Suite Auth

Authentication Services

openid

auth.

itsense

customer.

ch oder *itsense.ch

net or *.customer.net

https://iam-api.

itsense

customer.

ch

net

CoreOne

Suite

API

CoreOne

Suite

API

iam-api.

itsense

customer.

ch oder *itsense.ch

net or *.customer.net

https://

portal

myaccount.

itsense

customer.

ch

net

CoreOne

Suite

Self Service Portal

CoreOne

Suite

Self Service Portal

portal

myaccount.

itsense

customer.

ch oder *itsense.ch

COS WEB < - > COS APP

Internes Zerifikat

IAM.Genreal

...

COS WEB < - >Endgerät (SSL certificate for UI)

...

COS Token Signing (For signing the Tokens)

...

net or *.customer.net

https://iam-wf.customer.net

CoreOne Worklfow Runner

CoreOne Worklfow Runner

iam-wf.customer.net or *.customer.net

COS WEB < - > COS APP

...

COS APP < - > COS RT (Internal communication)

...

COS RT < - > COS SC / COS RT (Internal communication)

COS APP → COS RT → COS SC

...

internal certificate

IAM.Genreal

iam-com.customer.net or *.customer.net

Token Signing (Optional) 

A certificate with which the private key can be exported is required for Token signing.