...
Introduction
The CoreOne Suite consists of multiple distributed services. Certificates are used to secure the communication between the services and with the end user, and to sign items such as tokens. Whenever you plan to distribute a new service or a new installation, you will need to have some certificates ready. This page gives you an overview of the requirements.
For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a separate certificate that supports “Server Authentication” and “Client Authentication” is required per server. In addition, the corresponding public certificate must be available on the other side.
For a full overview of all communication channels, ports and more, see the page Connectivity (Network ports, protocols and certificates).
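One way to check the “Server Authentication” / “Client Authentication” requirement and the Subject Alternative Name before a certificate is deployed, as an added example that is not part of the CoreOne documentation. It assumes the certificate is available as a PEM file and that OpenSSL 1.1.1 or later is installed; the function name and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CoreOne code): check a PEM certificate against the
# requirements for the internal channels: the Extended Key Usage must include
# both Server Authentication and Client Authentication, and the Subject
# Alternative Name must cover the host name of the service.
# Assumes OpenSSL 1.1.1 or later; file and host names are constructed.

# check_cert <pem-file> <dns-name>
# Prints one line per finding; returns 0 when the certificate is suitable.
check_cert() {
    pem=$1
    host=$2
    rc=0

    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
        echo "cannot parse certificate: $pem"
        return 2
    }

    # OpenSSL prints the EKU OIDs serverAuth / clientAuth under these names.
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' || {
        echo "missing EKU: Server Authentication"; rc=1; }
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' || {
        echo "missing EKU: Client Authentication"; rc=1; }

    # -checkhost applies the library's host name matching, wildcards included.
    openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || { echo "SAN does not cover $host"; rc=1; }

    return $rc
}

# Usage: sh check_cert.sh server.pem iam-com.customer.net
if [ "$#" -eq 2 ]; then
    check_cert "$1" "$2"
fi
```

A certificate that carries only one of the two usages passes a plain TLS server test but fails on the side of the connection that has to authenticate as a client, so both findings are reported separately.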
Nb. | Communication FROM - TO | Public / Internal | Notes and Remarks |
---|---|---|---|
1 | COS-WEB <-> Device | Public | SSL Certificate for UI of Web-Services |
2 | COS-PORTAL <-> Device | Public | SSL Certificate for UI of SelfService Portal |
3 | COS-AUTH <-> Device | Public | SSL Certificate for OpenID and Authentication |
4 | COS Token Signing | Public | Certificate for Token signing |
5 | COS-WEB <-> COS-APP | Internal | SSL Certificate for Communication of APP-Services |
6 | COS-APP <-> COS-RT | Internal | SSL Certificate for Communication of RT-Services |
7 | COS-RT <-> COS-SC | Internal | SSL Certificate for Communication of SC-Services |
8 | COS-WFE <-> COS-APP | Internal | SSL Certificate for Communication of Workflow S. |
...
9 | COS-WFE <-> COS-AUTH | Internal | SSL Certificate for Communication of Workflow S. |
Here is an example of generally needed certificates:
URL | Service | Certificate | Subject Alternative Name |
---|---|---|---|
CoreOne Web Services | CoreOne Web Services | net or *.customer.net |
CoreOne Authentication Services | CoreOne Authentication Services | net or *.customer.net |
CoreOne API | CoreOne API | net or *.customer.net |
CoreOne Self Service Portal | CoreOne Self Service Portal |
COS WEB < - > COS APP
Internal certificate
IAM.Genreal
...
COS WEB < - > End device (SSL certificate for UI)
...
COS Token Signing (For signing the Tokens)
...
net or *.customer.net | |||
CoreOne Workflow Runner | CoreOne Workflow Runner | iam-wf.customer.net or *.customer.net | |
COS WEB < - > COS APP |
...
COS APP < - > COS RT (Internal communication)
...
COS RT < - > COS SC / COS RT (Internal communication)
COS APP → COS RT → COS SC
...
internal certificate | IAM.Genreal | iam-com.customer.net or *.customer.net |
Token Signing (Optional)
Token signing requires a certificate whose private key can be exported.