Setting up SSL Encryption


You can configure FlowForce so that the following HTTP connections are encrypted with SSL certificates:

1. The connection between a browser and FlowForce Web Server.
2. The connection between a Web service consumer (for example, some client application) and the FlowForce Server service.
3. The internal connection between FlowForce Web Server and FlowForce Server. (For information about how FlowForce Server is different from FlowForce Web Server, see How It Works.)

 

If you are using FlowForce for exchanging AS2 data, you can also optionally use SSL certificates to sign or encrypt data as part of the AS2 service; see AS2 Integration.

 

For connections 1 and 2 above, you need an SSL certificate and a private key corresponding to that certificate. For security reasons, you might want to use a separate SSL certificate and private key for each connection. To use the same certificate and private key for both connections, both FlowForce Server and FlowForce Web Server must have the same fully qualified domain name (FQDN). For example, if FlowForce Web Server listens on https://somehost:8083, then FlowForce Server should listen on https://somehost:4647. Note that you can always change the port later; only the host name is important in this case.

 

For connection 3 above, there is no need for a third certificate and private key pair. You can use the same SSL certificate as for FlowForce Server; in this case, FlowForce Web Server acts as an HTTP client to FlowForce Server.

 

To obtain the certificates required to encrypt SSL connections in FlowForce Server, you have the following options:

1. Generate a CSR (Certificate Signing Request) and then have it signed by a public certificate authority (CA), such as DigiCert, Comodo, and others. The vast majority of browsers will trust server certificates signed by such a CA, because the browser (or the operating system) already trusts the CA. For instructions about how to obtain certificates signed by a public certificate authority, see Signing SSL Certificates with a Certificate Authority.
2. Alternatively, if FlowForce Server runs on a private network, and if you have the entitlement to do this in your organization, it is possible to configure your own SSL root certification authority. No browser or operating system trusts such an authority by default, so you will need to configure each machine (or browser, depending on the case) that connects to FlowForce Server to trust your self-signed root certificate. Otherwise, the browser will still display warnings such as "This site is not secure" or the Web service call will not be successful. For more information, see Creating Self-Signed SSL Certificates.
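
The private root CA option and the host name requirement above, as an added example that is not part of Altova's documentation: a shell script using the OpenSSL command line that creates a root certificate, signs a server certificate for somehost, and checks it the way a client would. The file names, the CA name, the serial number and the key parameters are assumptions.

```shell
# Added example, not Altova's procedure. File names and the CA name are
# assumptions; "somehost" is the host name used in the text above.
make_demo_pki() {   # $1 = empty working directory
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root certificate: the private root certification authority.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # Server key and CSR for the host name that clients connect to.
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=somehost" -newkey rsa:2048 \
        -nodes -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Sign the CSR with the root; the SAN entry is what clients match against.
    printf 'subjectAltName=DNS:somehost\nextendedKeyUsage=serverAuth\n' \
        > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -set_serial 0x1001 -days 30 \
        -extfile "$dir/server.ext" -out "$dir/server.pem" 2>/dev/null
}

# Exit status 0 only if the chain verifies AND the certificate names host $1.
# $2 = server certificate; $3 = root to trust (empty: default trust store only).
verify_server() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$3" -verify_hostname "$1" "$2"
    else
        openssl verify -verify_hostname "$1" "$2"
    fi >/dev/null 2>&1
}

demo=$(mktemp -d) && make_demo_pki "$demo" || exit 1
verify_server somehost "$demo/server.pem" "" \
    || echo "default trust store: rejected (root not trusted)"
verify_server somehost "$demo/server.pem" "$demo/root.pem" \
    && echo "root trusted, somehost: accepted"
verify_server otherhost "$demo/server.pem" "$demo/root.pem" \
    || echo "root trusted, otherhost: rejected (name mismatch)"
rm -rf "$demo"
```

The third check is why one certificate can serve both FlowForce Web Server and FlowForce Server only when both are reached under the same host name.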

© 2019 Altova GmbH