on 03-25-2015 12:12 PM
Hi,
Is it possible to use a self-signed certificate from ECC "SSL client SSL Client (Standard)" for the HCI integration?
If yes, what else must be done besides using this certificate within the iFlows?
Best Regards
Florian
Hi Florian
For trust, not authentication, HCI provides a signed server cert. The customer must purchase a signed certificate for the reverse proxy. Assuming they are already using the reverse proxy for something else, then they will have this. The list of trusted CAs is in the online help of HCI.
The minimum required is signed server certs for ERP and the reverse proxy.
In the C4C50 we do a very cost efficient way to secure - consider this:
ERP already had an SSL server certificate.
The reverse proxy was already being used and had a signed certificate.
The ERP and the reverse proxy are the minimum server certificates that must be purchased and signed when using HCI.
ERP to C4C we used basic authentication. This was a low risk because the ERP system is already in a very private network within our education department with additional proxies and firewalls and such. This required:
SSL for ERP, which the training dept already had.
C4C to ERP we used certificate authentication. There was not a requirement to purchase a client certificate. C4C provides one, this was exported and used in the iFlow. HCI also provides a client certificate. This certificate was sent to the reverse proxy, which forwarded it to ERP and we mapped it to the user in VSUSREXTID table.
This met the security requirements and required no additional certificate purchases. As mentioned, the ERP and reverse proxy already had signed certificates. Customers may not have SSL for ERP yet, but if they are using a reverse proxy, this will be in place. You just need to check that the CA is trusted by HCI.
Does this make sense?
-ginger
Hi Ginger,
unfortunately the courses we wanted to attend before our project were canceled.
So just to verify, can you comment on this....
Regards
Florian
Yes Ginger you are right:
Best regards,
Berthold
Hi Florian,
what do you mean by "own CA"?
There is an approval process if a new public CA can be added to Load Balancers Key store. This will be carefully reviewed by our security experts and not many CA's will pass this check....
So if you are thinking about any kind of "private" CA - this will for sure not be accepted.
Best regards,
Berthold
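The distinction this thread turns on, a certificate that chains to a CA on the receiver's trust list versus a self-signed one, can be checked locally with openssl before a certificate is used in an iFlow. This is an added example, not part of the original posts or of SAP's tooling; the CA, host name and file paths are constructed, and `trusted.pem` is a stand-in for the CA list published in the HCI online help.

```shell
#!/bin/sh
# Constructed demo PKI: every subject name and file here is made up.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a stand-in "approved" CA, a server cert it signs, and a self-signed cert.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Approved Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=erp.example.test" \
        -keyout "$WORK/signed.key" -out "$WORK/signed.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$WORK/signed.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/signed.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=erp.example.test" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null || return 1
    # Assumption: the receiver's trust list holds only the approved CA.
    cp "$WORK/ca.pem" "$WORK/trusted.pem"
}

# True when subject and issuer are identical (the cert names itself as issuer).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# True when the cert chains to a CA in the trust list.
chains_to_trusted() {
    openssl verify -CAfile "$WORK/trusted.pem" "$1" >/dev/null 2>&1
}

make_pki || { echo "openssl failed to build the demo PKI" >&2; exit 1; }
for c in signed self; do
    is_self_signed "$WORK/$c.pem" && kind="self-signed" || kind="CA-issued"
    chains_to_trusted "$WORK/$c.pem" && verdict="trusted" || verdict="rejected"
    echo "$c.pem: $kind, $verdict"
done
```

To check a real certificate, export it as PEM and call the two functions on it with `trusted.pem` replaced by the CA certificates the receiving side actually lists.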