System requirement Certificates
- Benjamin Löhrer (Unlicensed)
- Günther Wasser (Unlicensed)
- Christina Burkhard
Introduction
The CoreOne Suite consists of multiple distributed services. To communicate between the services and to the end-user and to sign various things like tokens, certificates are used. So whenever you are planning on distributing a new service or a new installation, you will need to have some certificates ready. This page gives you an overview on the requirements.
For each connection between the CoreOne Application Services and the CoreOne System Connectors / CoreOne Secure Router, a separate certificate is required per server, which supports “Server Authentication” and “Client Authentication”. In addition, the corresponding public certificate must be available on the other side.
A full overview of all communication channels, ports and more check the page Connectivity (Network ports, protocols and certificates)
Nb. | Communication FROM - TO | Public / Internal | Notes and Remarks |
1 | COS-WEB <-> Device | Public | SSL Certificate for UI of Web-Services |
2 | COS-PORTAL <-> Device | Public | SSL Certificate for UI of SelfService Portal |
3 | COS-AUTH <-> Device | Public | SSL Certificate for OpenID and Authentication |
4 | COS Token Signing | Public | Certificate for Token signing |
5 | COS-WEB <-> COS-APP | Internal | SSL Certificate for Communcation of APP-Services |
6 | COS-APP <-> COS-RT | Internal | SSL Certificate for Communcation of RT-Services |
7 | COS-RT <-> COS-SC | Internal | SSL Certificate for Communcation of SC-Services |
8 | COS-WFE <-> COS-APP | Internal | SSL Certificate for Communcation of Workflow S. |
9 | COS-WFE <-> COS-AUTH | Internal | SSL Certificate for Communcation of Workflow S. |
Here is an example of generally needed certificates
URL | Service | Certificate | Subject Alternativ Name |
|---|---|---|---|
CoreOne Web Services | CoreOne Web Services | iam.customer.net or *.customer.net | |
CoreOne Authentication Services | CoreOne Authentication Services | auth.customer.net or *.customer.net | |
CoreOne API | CoreOne API | iam-api.customer.net or *.customer.net | |
CoreOne Self Service Portal | CoreOne Self Service Portal | myaccount.customer.net or *.customer.net | |
CoreOne Worklfow Runner | CoreOne Worklfow Runner | iam-wf.customer.net or *.customer.net | |
COS WEB < - > COS APP | internal certificate | IAM.Genreal | iam-com.customer.net or *.customer.net |
Token Signing (Optional)
A certificate with which the private key can be exported is required for Token signing.
© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.