General
Encrypted connections
You can configure encrypted connections (SSL/TSL) with Intrexx. In certain scenarios, such as the connection between the front-end web server and the client (browser), it is imperative to configure encrypted connections.
TLSv1.2, TLSv1.3
Intrexx TLSv1.2 and TLSv1.3 as encryption protocol between browser and web server.
Certificates
To configure encrypted connections, you need certificates. Certificates are files that contain a range of information, including the public and possibly also the private key.
You can obtain certificates from certificate authorities. For test systems, you can also use so-called self-signed certificates if necessary. Usually, Intrexx is integrated into the local Public Key Infrastructure (PKI).
Intrexx as a data provider (Intrexx as a server)
Intrexx can function as a data provider. This is the case, for example, if you provide data to an external consumer via an OData connection. So that an encrypted connection between Intrexx and the consumer can be established, you need to save a certificate in Intrexx that contains both the public and private key. (Please refer to the section Offering data)
A similar scenario is represented by the connection between the front-end web server and the client (browser). In this case, Intrexx does not (directly) provide the data but rather the front-end web server. But a certificate with a public and private key needs to be added (to the front-end web server here as well). (Compare Scenario 1 - Encrypted connection between the front-end web server and browser)
Intrexx as a consumer of data (Intrexx as a client)
Intrexx can function as a data consumer. Intrexx provides numerous integration options that allow you to display and process data from external systems. In this case, you only need to save certificates with an public key in Intrexx to establish an encrypted connection to the external system. (See section Consume data).
Storage locations for certificates - keystores
Intrexx as a client If Intrexx functions as a client, you must save the required certificates in the (central) certificate store of the portal (Portal > Portal properties > Certificates).
The certificate store contains a range of certificates from trusted certificate authorities. These are included with the JDK provided with Intrexx. So if you want to set up an encrypted connection with Intrexx using a certificate signed by a trusted certification authority, you do not need to store this manually in the certificate store.
Intrexx as a server If Intrexx functions as a server, you must manually create your own certificate store.
Where you should create the certificate store depends on the respective data integration.
Frontend web server Normally you use a frontend web server (IIS or NGINX) for productive portals.
In this case, the certificate is stored outside of Intrexx.
Formats for certificate stores
Certificate stores (keystores) are created in the .JKS or PKCS12 format.
Send us an e-mail