The Xentara Web Service v1.2.1
User Manual
The Xentara Web Service only supports encrypted communication using HTTPS. Plain-text HTTP is not supported for security reasons.
In order to be able to accept secure connections, the Web Service needs to have access to a valid SSL certificate for the host it is running on. You can either get a certificate from a trusted certificate authority (CA), or you can use a self-signed certificate. If you use a certificate from a trusted certificate authority, clients will generally recognize the certificate as trusted without any special configuration. If you use a self-signed certificate, the certificate must usually be added to the list of trusted certificates in the client.
If your company has its own CA, you can also use certificates issued by that CA, of course.
Self-signed certificates are certificates you generate yourself. Such certificates are generally not trusted by clients, because anyone, even an attacker, can generate self-signed certificates. For a self-signed certificate to be trusted by a client, the certificate must usually be installed in the client’s certificate store.
You can generate a self-signed certificate using OpenSSL. To generate a certificate, use the following OpenSSL command:
This will generate a certificate file named certificate.pem in the current directory. The file will contain both the certificate and the private key, as is required by the Xentara Web Service.
The option -days 36500 makes the certificate valid for 36500 days, or approximately 100 years. If you use a shorter expiry time (365 days is a common choice), please remember that the certificate must then be replaced at regular intervals on both the server and the client.
The server certificate must be a PEM file containing both the certificate and the private key. PEM files are text files. A typical certificate file has the following structure:
-----BEGIN PRIVATE KEY-----
VGhpcyBpcyBub3QgYSByZWFsIHByaXZhdGUga2V5LiBJdCBpcyBBSSBnZW5lcmF0
ZWQgbm9uc2Vuc2UuIFRoZSBwZXJzb24gd2l0aCB0aGUgcHVibGljIGtleSBpbiB0
aGF0IGNhc2UgaXMgb25seSBkb2luZyB0aGUgc2FtZSB0aGluZyBhcyBldmVyeW9u
ZSBlbHNlIHdobyBoYXMgcHJpdmF0ZSBrZXkuIFRoZXkgYXJlIGRvaW5nIG1vcmUg
dGhhbiBqdXN0IHJ1bm5pbmcgdGhlIHJhbmRvbSBkYXRhIGdlbmVyYXRlZCBmcm9t
IHJhbmRvbSBkYXRhLg==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
VGhpcyBpcyBub3QgYSByZWFsIGNlcnRpZmljYXRlLiBJdCBpcyBBSSBnZW5lcmF0
ZWQgbm9uc2Vuc2UuIFRoaXMgdHlwZSBpcyBhIHByb2dyYW1taW5nIGxhbmd1YWdl
LiBJdCBpcyBhIHByb2dyYW1taW5nIHRvb2wgYW5kL29yIGhhcmR3YXJlLiBJdCBp
cyBhIHByb2dyYW1taW5nIGxhbmd1YWdlLiBJdCBpcyBsaWtlIHRoZSB3b3JkIG9m
IHRoZSBiaWJsZTogInByb2dyYW1taW5nIGxhbmd1YWdlcyBhcmUgZGVzaWduZWQg
dG8gd29yayB3ZWxsIHdpdGggdGhlIGh1bWFuIHNlbnNlcyBvZiBoZWFyaW5nIGFu
ZCBzaWdodCB3aXRoIGFuZCB3aXRob3V0IHRoZSBhc3Npc3RhbmNlIG9mIGV4dGVy
bmFsIGRldmljZXMsIGluc3RydW1lbnRzIG9mIGluZm9ybWF0aW9uIHByb2Nlc3Np
bmcsIG9yIG90aGVyIHBoeXNpY2FsIG1lYW5zIi4=
-----END CERTIFICATE-----
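The following is an added example, not part of the Xentara manual or product: a Python check that a file has the combined layout described above (a private key block and a certificate block in one PEM file) and, because the file holds the private key, that it is not accessible to group or other users. The function names and the sample inputs are constructed for illustration; accepting any label ending in PRIVATE KEY is an assumption, and the check covers layout and base64 encoding only, not whether the key matches the certificate.

```python
import base64
import binascii
import re
import stat

# A PEM block: BEGIN/END lines carrying the same label around base64 text.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def check_server_pem(text, mode=None):
    """Return a list of problems; an empty list means the layout looks right.

    mode is the file's st_mode when known, e.g. os.stat(path).st_mode
    (the permission check is only meaningful on POSIX systems).
    """
    problems, labels = [], []
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    # Assumption: any label ending in PRIVATE KEY counts as the key block.
    if not any(name.endswith("PRIVATE KEY") for name in labels):
        problems.append("no PRIVATE KEY block")
    # The file contains the private key, so group/other access is flagged.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other users")
    return problems


def _block(label, payload):
    """Build a PEM-shaped block around placeholder bytes (not real key data)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed sample inputs: placeholders, not real keys or certificates.
SAMPLE_OK = (_block("PRIVATE KEY", b"placeholder key")
             + _block("CERTIFICATE", b"placeholder cert"))
SAMPLE_CERT_ONLY = _block("CERTIFICATE", b"placeholder cert")

if __name__ == "__main__":
    print(check_server_pem(SAMPLE_OK, mode=0o100600))
    print(check_server_pem(SAMPLE_CERT_ONLY, mode=0o100644))
```

To check a real file, pass its contents and `os.stat(path).st_mode` to `check_server_pem`.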