...
The CoreOne Suite consists of multiple distributed services. Certificates are used to secure the communication between the services and with the end user, and to sign various things such as tokens. So whenever you plan to distribute a new service or a new installation, you will need to have some certificates ready. This page gives you an overview of the requirements.
For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a separate certificate is required per server, which supports “Server Authentication” and “Client Authentication”. In addition, the corresponding public certificate must be available on the other side.
For a full overview of all communication channels, ports and more, see the page Connectivity (Network ports, protocols and certificates).
No. | Communication FROM - TO | Public / Internal | Notes and Remarks |
---|---|---|---|
1 | COS-WEB <-> Device | Public | SSL Certificate for UI of Web-Services |
2 | COS-PORTAL <-> Device | Public | SSL Certificate for UI of SelfService Portal |
3 | COS-AUTH <-> Device | Public | SSL Certificate for OpenID and Authentication |
4 | COS Token Signing | Public | Certificate for Token signing |
5 | COS-WEB <-> COS-APP | Internal | SSL Certificate for Communication of APP-Services |
6 | COS-APP <-> COS-RT | Internal | SSL Certificate for Communication of RT-Services |
7 | COS-RT <-> COS-SC | Internal | SSL Certificate for Communication of SC-Services |
8 | COS-WFE <-> COS-APP | Internal | SSL Certificate for Communication of Workflow S. |
9 | COS-WFE <-> COS-AUTH | Internal | SSL Certificate for Communication of Workflow S. |
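A pre-flight check for the internal channel certificates (rows 5 to 9), which must carry both "Server Authentication" and "Client Authentication". This is an added example, not part of the CoreOne documentation or tooling: the helper names `check_internal_cert` and `make_test_cert` are hypothetical, the certificates are constructed throwaway samples, and it assumes OpenSSL 1.1.1 or later on the path.

```sh
#!/bin/sh
# Added example. check_internal_cert and make_test_cert are hypothetical helpers.

# Succeeds only if the PEM certificate $1 carries both EKUs required for the
# internal channels and matches host name $2 (OpenSSL's host name matching,
# wildcard SAN entries included).
check_internal_cert() {
    cert=$1 host=$2 rc=0
    text=$(openssl x509 -in "$cert" -noout -text) || return 2
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
        { echo "$cert: missing EKU Server Authentication"; rc=1; }
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' ||
        { echo "$cert: missing EKU Client Authentication"; rc=1; }
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "$cert: SAN does not cover $host"; rc=1; }
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate at path $1
# for host name $2 with the extendedKeyUsage list $3.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" -addext "extendedKeyUsage=$3" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo: a server-only certificate is rejected, one with both usages passes.
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/server-only.pem" iam-com.customer.net serverAuth
make_test_cert "$demo_dir/both.pem" iam-com.customer.net serverAuth,clientAuth
for name in server-only both; do
    if check_internal_cert "$demo_dir/$name.pem" iam-com.customer.net; then
        echo "$name: OK"
    else
        echo "$name: REJECTED"
    fi
done
rm -rf "$demo_dir"
```

Run the check against the certificate file exported for each server before installing it; a certificate issued from a plain web-server template typically fails on the missing Client Authentication usage.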
Here is an example of the certificates that are generally needed:
URL | Service | Certificate | Subject Alternative Name |
---|---|---|---|
 | CoreOne Web Services | CoreOne Web Services | iam.customer.net or *.customer.net |
 | CoreOne Authentication Services | CoreOne Authentication Services | auth.customer.net or *.customer.net |
https://iam-api.customer.net | CoreOne API | CoreOne API | iam-api.customer.net or *.customer.net |
https://myaccount.customer.net | CoreOne Self Service Portal | CoreOne Self Service Portal | myaccount.customer.net or *.customer.net |
 | CoreOne Workflow Runner | CoreOne Workflow Runner | iam-wf.customer.net or *.customer.net |
COS WEB <-> COS APP | internal certificate | IAM.Genreal | iam-com.customer.net or *.customer.net |
...
COS WEB <-> End user device (SSL certificate for UI)
...
COS Token Signing (For signing the Tokens)
...
COS APP <-> COS RT (Internal communication)
...
Token Signing (Optional)
...