Introduction

The CoreOne Suite consists of multiple distributed services. Certificates are used to secure communication between the services and with the end user, and to sign items such as tokens. Whenever you plan to deploy a new service or a new installation, you will need to have the required certificates ready. This page gives an overview of the requirements.

For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a separate certificate is required per server, which supports “Server Authentication” and “Client Authentication”. In addition, the corresponding public certificate must be available on the other side.
As an example:

For a full overview of all communication channels, ports and more, see the page Connectivity (Network ports, protocols and certificates).

| Nb. | Communication FROM - TO | Public / Internal | Notes and Remarks |
|-----|-------------------------|-------------------|-------------------|
| 1 | COS-WEB <-> Device | Public | SSL Certificate for UI of Web-Services |
| 2 | COS-PORTAL <-> Device | Public | SSL Certificate for UI of SelfService Portal |
| 3 | COS-AUTH <-> Device | Public | SSL Certificate for OpenID and Authentication |
| 4 | COS Token Signing | Public | Certificate for Token signing |
| 5 | COS-WEB <-> COS-APP | Internal | SSL Certificate for Communication of APP-Services |
| 6 | COS-APP <-> COS-RT | Internal | SSL Certificate for Communication of RT-Services |
| 7 | COS-RT <-> COS-SC | Internal | SSL Certificate for Communication of SC-Services |
| 8 | COS-WFE <-> COS-APP | Internal | SSL Certificate for Communication of Workflow S. |
| 9 | COS-WFE <-> COS-AUTH | Internal | SSL Certificate for Communication of Workflow S. |

https://lucid.app/lucidchart/00160333-04a9-4d01-b436-7100d5f1fd6f/view?page=0_0&invitationId=inv_97d54472-2c7d-48b0-8ab6-00aa34c50b2c#

Here is an example of the certificates generally needed:

| URL | Service | Certificate | Subject Alternative Name |
|-----|---------|-------------|--------------------------|
| https://iam.customer.net | CoreOne Web Services | CoreOne Web Services | iam.customer.net or *.customer.net |
| https://auth.customer.net | CoreOne Authentication Services | CoreOne Authentication Services | auth.customer.net or *.customer.net |
| https://iam-api.customer.net | CoreOne API | CoreOne API | iam-api.customer.net or *.customer.net |
| https://myaccount.customer.net | CoreOne Self Service Portal | CoreOne Self Service Portal | myaccount.customer.net or *.customer.net |
| https://iam-wf.customer.net | CoreOne Workflow Runner | CoreOne Workflow Runner | iam-wf.customer.net or *.customer.net |
| COS WEB <-> COS APP ...; COS APP <-> COS RT (Internal communication) ...; COS RT <-> COS SC / COS RT (Internal communication); COS APP → COS RT → COS SC ... | internal certificate | IAM.Genreal | iam-com.customer.net or *.customer.net |
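One way to check a per-server certificate against the requirement stated above (both "Server Authentication" and "Client Authentication", plus a Subject Alternative Name that covers the host), as an added example that is not CoreOne's own tooling. It assumes the openssl CLI (1.1.1 or newer); the function names and the generated sample certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Requires the openssl CLI (1.1.1 or newer for "x509 -ext").

# Create a throwaway self-signed certificate (constructed sample data).
#   $1 = output path prefix, $2 = DNS name, $3 = extendedKeyUsage value
make_sample_cert() {
  cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
subjectAltName = DNS:$2
extendedKeyUsage = $3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Succeed only if the certificate lists both EKUs and its SAN covers the host.
#   $1 = certificate file (PEM), $2 = host name the peer connects to
check_internal_cert() {
  local eku
  eku=$(openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null) || return 1
  case "$eku" in
    *"TLS Web Server Authentication"*) ;;
    *) echo "$1: no Server Authentication EKU" >&2; return 1 ;;
  esac
  case "$eku" in
    *"TLS Web Client Authentication"*) ;;
    *) echo "$1: no Client Authentication EKU" >&2; return 1 ;;
  esac
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate" ||
    { echo "$1: SAN does not cover $2" >&2; return 1; }
}

# Demo on a constructed certificate for the internal name used on this page.
tmp=$(mktemp -d)
make_sample_cert "$tmp/rt" iam-com.customer.net "serverAuth,clientAuth"
check_internal_cert "$tmp/rt.crt" iam-com.customer.net && echo "rt.crt: OK"
rm -rf "$tmp"
```

The `[ext]` section written by `make_sample_cert` is the same pair of settings to request in a real CSR for an internal certificate.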

Token Signing (Optional)

Token signing requires a certificate whose private key can be exported.