Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

For secure communication between the CoreOne Web Services and the end devices, an SSL certificate is required that corresponds to the CoreOne Web Services. In other words, the subject alternative name of the certificate must match the URL of the Web. If the CoreOne Web Services and the CoreOne Applications Services are installed on the same system, the same certificate can be usedThe CoreOne Suite consists of multiple distributed services. To communicate between the services and to the end-user and to sign various things like tokens, certificates are used. So whenever you are planning on distributing a new service or a new installation, you will need to have some certificates ready. This page gives you an overview on the requirements.

For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a separate certificate is required per server, which supports “Server Authentication” and “Client Authentication”. In addition, the corresponding public certificate must be available on the other side.

A full overview of all communication channels, ports and more check the page Connectivity (Network ports, protocols and certificates)

Nb.

...

Communication FROM - TO

Public / Internal

Notes and Remarks

1

COS-WEB <-> Device

Public

SSL Certificate for UI of Web-Services

2

COS-PORTAL <-> Device

Public

SSL Certificate for UI of SelfService Portal

3

COS-AUTH <-> Device

Public

SSL Certificate for OpenID and Authentication

4

COS Token Signing

Public

Certificate for Token signing

5

COS-WEB <-> COS-APP

Internal

SSL Certificate for Communcation of APP-Services

6

COS-APP <-> COS-RT

Internal

SSL Certificate for Communcation of RT-Services

7

COS-RT <-> COS-SC

Internal

SSL Certificate for Communcation of SC-Services

8

COS-WFE <-> COS-APP

Internal

SSL Certificate for Communcation of Workflow S.

9

COS-WFE <-> COS-AUTH

Internal

SSL Certificate for Communcation of Workflow S.

https://lucid.app/lucidchart/00160333-04a9-4d01-b436-7100d5f1fd6f/view?page=0_0&invitationId=inv_97d54472-2c7d-48b0-8ab6-00aa34c50b2c#

Here is an example of generally needed certificates

...

URL

Service

Certificate

Subject Alternativ Name

https://

demo

iam.

itsense

customer.

ch

net

CoreOne Web Services

CoreOne Web Services

demo

iam.

itsense

customer.

ch oder *itsense.ch

net or *.customer.net

https://

openid

auth.

itsense

customer.

ch

net

CoreOne Authentication Services

CoreOne Authentication Services

openid

auth.

itsense

customer.

ch oder *itsense.ch

net or *.customer.net

https://iam-api.

itsense

customer.

ch

net

CoreOne API

CoreOne API

iam-api.

itsense

customer.

ch oder *itsense.ch

net or *.customer.net

https://

portal

myaccount.

itsense

customer.

ch

net

CoreOne Self Service Portal

CoreOne Self Service Portal

portal

myaccount.

itsense

customer.

ch oder *itsense.ch

COS WEB < - > COS APP

internal certificate

IAM.Genreal

...

COS WEB < - >Endgerät (SSL certificate for UI)

...

COS Token Signing (For signing the Tokens)

net or *.customer.net

https://iam-wf.customer.net

CoreOne Worklfow Runner

CoreOne Worklfow Runner

iam-wf.customer.net or *.customer.net

COS WEB < - > COS APP

...

COS APP < - > COS RT (Internal communication)

...

COS RT < - > COS SC / COS RT (Internal communication)

COS APP → COS RT → COS SC

...

internal certificate

IAM.Genreal

iam-com.customer.net or *.customer.net

Token Signing (Optional) 

A certificate with which the private key can be exported is required for Token signing.