Introduction
For secure communication between the CoreOne Web Services and the end devices, an SSL certificate is required that corresponds to the CoreOne Web Services. In other words, the subject alternative name of the certificate must match the URL of the Web. If the CoreOne Web Services and the CoreOne Application Services are installed on the same system, the same certificate can be used.

The CoreOne Suite consists of multiple distributed services. Certificates are used for communication between the services, for communication with the end user, and for signing items such as tokens. Whenever you plan to distribute a new service or a new installation, you will need to have certificates ready. This page gives you an overview of the requirements.
For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a separate certificate is required per server, which supports “Server Authentication” and “Client Authentication”. In addition, the corresponding public certificate must be available on the other side.
For a full overview of all communication channels, ports and more, see the page Connectivity (Network ports, protocols and certificates).
| Nb. | Communication FROM - TO | Public / Internal | Notes and Remarks |
|---|---|---|---|
| 1 | COS-WEB <-> Device | Public | SSL Certificate for UI of Web-Services |
| 2 | COS-PORTAL <-> Device | Public | SSL Certificate for UI of SelfService Portal |
| 3 | COS-AUTH <-> Device | Public | SSL Certificate for OpenID and Authentication |
| 4 | COS Token Signing | Public | Certificate for Token signing |
| 5 | COS-WEB <-> COS-APP | Internal | SSL Certificate for Communication of APP-Services |
| 6 | COS-APP <-> COS-RT | Internal | SSL Certificate for Communication of RT-Services |
| 7 | COS-RT <-> COS-SC | Internal | SSL Certificate for Communication of SC-Services |
| 8 | COS-WFE <-> COS-APP | Internal | SSL Certificate for Communication of Workflow S. |
| 9 | COS-WFE <-> COS-AUTH | Internal | SSL Certificate for Communication of Workflow S. |
Here is an example of generally needed certificates
| URL | Service | Certificate | Subject Alternative Name |
|---|---|---|---|
| | CoreOne Web Services | CoreOne Web Services | iam.customer.net or *.customer.net |
| | CoreOne Authentication Services | CoreOne Authentication Services | auth.customer.net or *.customer.net |
| https://iam-api.customer.net | CoreOne API | CoreOne API | iam-api.customer.net or *.customer.net |
| https://myaccount.customer.net | CoreOne Self Service Portal | CoreOne Self Service Portal | myaccount.customer.net or *.customer.net |
| | CoreOne Workflow Runner | CoreOne Workflow Runner | iam-wf.customer.net or *.customer.net |
| COS WEB <-> COS APP; COS WEB <-> end device (SSL certificate for UI); COS Token Signing (for signing the tokens); COS APP <-> COS RT (internal communication); COS RT <-> COS SC / COS RT (internal communication); COS APP → COS RT → COS SC | internal certificate | IAM.Genreal | iam-com.customer.net or *.customer.net |
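The two rules stated on this page (the subject alternative name must cover the service host name, and internal certificates must support both "Server Authentication" and "Client Authentication") can be checked before a certificate is deployed. The following is an added example, not code from the CoreOne product; the function names are hypothetical, and the SAN and EKU values are assumed to have been read from the certificate beforehand, for example with `openssl x509 -noout -ext subjectAltName,extendedKeyUsage`.

```python
# Added example: pre-flight check of certificate fields against this page's rules.
# Function names are hypothetical; the sample certificates below are constructed.

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # EKU OID for "Server Authentication"
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # EKU OID for "Client Authentication"


def san_covers(san: str, host: str) -> bool:
    """True if one DNS SAN entry covers host (a wildcard stands for exactly one label)."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # "*.customer.net" covers "iam-wf.customer.net", but neither
        # "customer.net" nor "a.iam-wf.customer.net"; "*.net" is rejected.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def check_certificate(host, sans, ekus, internal=False):
    """Return a list of problems; an empty list means the certificate fits."""
    problems = []
    if not any(san_covers(s, host) for s in sans):
        problems.append(f"no SAN entry covers {host}")
    if internal:
        # Internal service-to-service certificates need both usages.
        for oid, name in ((SERVER_AUTH, "Server Authentication"),
                          (CLIENT_AUTH, "Client Authentication")):
            if oid not in ekus:
                problems.append(f"EKU missing: {name}")
    return problems


if __name__ == "__main__":
    # Constructed samples using the *.customer.net naming pattern from the table.
    samples = [
        ("iam-wf.customer.net", ["*.customer.net"], [SERVER_AUTH], False),
        ("iam-com.customer.net", ["iam-com.customer.net"], [SERVER_AUTH], True),
        ("iam-com.customer.net", ["iam-wf.customer.net"],
         [SERVER_AUTH, CLIENT_AUTH], True),
    ]
    for host, sans, ekus, internal in samples:
        print(host, check_certificate(host, sans, ekus, internal) or "OK")
```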
Token Signing (Optional)
Token signing requires a certificate whose private key can be exported.