Certificates and encrypted connections in Intrexx

General

Encrypted connections

You can configure encrypted connections (SSL/TSL) with Intrexx. In certain scenarios, such as the connection between the front-end web server and the client (browser), it is imperative to configure encrypted connections.

TLSv1.2, TLSv1.3

Suggests Intrexx TLSv1.2 and TLSv1.3 as the encryption protocol between browser and web server.

Certificates

To configure encrypted connections, you need certificates. Certificates are files that contain a range of information including the public and, if applicable, the private key.


You can obtain certificates from certificate authorities. On test systems, you can also use so-called self-signed certificates if needed. Usually, Intrexx is integrated into the local Public Key Infrastructure (PKI).

Intrexx as the data provider (Intrexx as the server)

Intrexx can function as a data provider. This is the case, for example, if you provide data to an external consumer via an OData connection. So that an encrypted connection between Intrexx and the consumer can be established, you need to save a certificate in Intrexx that contains both the public and private key. (Please refer to the chapter "Provide data" for more information.)
A similar scenario is represented by the connection between the front-end web server and the client (browser). In this case, Intrexx does not (directly) provide the data but rather the front-end web server. But a certificate with a public and private key needs to be added (to the front-end web server here as well). (Please refer to Scenario 1 - Encrypted connection between the front-end web server and browser.)

Intrexx as the data consumer (Intrexx as the client)

Intrexx can function as a data consumer. Intrexx provides numerous integration options that allow you to display and process data from external systems. In this case, you only need to save certificates with an public key in Intrexx to establish an encrypted connection to the external system. (Please refer to the chapter Consume data for more information.)

Storage location for certificates - Keystores

Intrexx as the client If Intrexx functions as the client, you must store the required certificates in the (central) portal certificate store (Portal menu > Portal properties > Certificates).
The certificate store contains a range of certificates from trusted certificate authorities. These are included with the JDK provided with Intrexx. Therefore, if you would like to configure an encrypted connection with Intrexx using a certificate signed by a trusted certificate authority, you do not need to manually add this certificate to the certificate store.

Intrexx as the server If Intrexx functions as the server, you need to manually create a certificate store.

Where you should create the certificate store depends on the respective data integration.

Front-end web server You will normally use a front-end web server (IIS or NGINX) for live portals.

In this case, the certificate is stored outside of Intrexx.

Formats for keystores

Certificate stores (keystores) are created in the .JKS or PKCS12 format.