Scenario 4 - Encrypted connection between the Intrexx portal server and external systems (integrations)

When it comes to a connection between Intrexx and external systems, a distinction must be made between whether Intrexx consumes or provides data. If Intrexx consumes data, i.e. acts as a client, only a certificate with a public key needs to be saved in Intrexx. If Intrexx offers data, i.e. acts as a server, a certificate with a public and private key must be saved in Intrexx.

Consume data

Intrexx provides options for integrating numerous external systems.

In order to establish an encrypted connection to these systems, you need a certificate from the operators of the third-party systems that contains the public key.
You need to save this in the central certificate store of your portal.

Note The central certificate store contains a number of certificates from trusted certification authorities by default. These are included with the JDK provided with Intrexx. Therefore, with common third-party systems hosted in the cloud, it is possible that the certificate already exists in the central certificate store.

Step-by-step guide

To import a certificate into the certificate store of your portal, proceed as follows:

  1. Open the portal properties ("Portal > Portal properties").

    This takes you to the "Edit portal pagee.

  2. Click on "Certificates".

    This takes you to the "Certificates" page.
    The lock symbol and the link are only displayed if you have not yet accessed the certificate store in the current session.

  3. Click here to access the certificate store.

    The "Certificate store password" dialog box appears.

    Enter "changeit" as the password if you have not yet assigned your own password for the certificate store. (You can change the password for the certificate store in the next dialog.)

    Enter your own password if you have assigned one for the certificate store.

  4. Click on "OK".

    You will now see a list of all certificates included with Intrexx.

    5. Click on ""+"".

    The "Certificate import" dialog box appears.

    Name

    Description

    Download from URL

    A certificate can be loaded here. Enter the corresponding URL.

    Download from Internet address

    Allows you to download certificates.

    Server / Port

    Enter the download server (its name or IP address) and the port.

    Import the file

    A certificate file can be integrated with this option.
    Add file

    Opens a dialog where the certificate file can be selected.

    Import of the certificate text

    Enables the direct import of certificate texts. Insert the corresponding text in the input field.
    This option can be useful if the certificate is available as a PEM file, for example.
    The file can look something like this:
    -----BEGIN CERTIFICATE-----
    aiwdjpawipAUWEIadlwidhalwihdPAIWHDLAIwhd
    (...)
    aldi13u08142eodaildwycaG9730e8z1qCcadho8
    -----END CERTIFICATE-----

  5. Make the necessary entries.

  6. Click on "Next".
    Details of the certificate selected in the previous step are shown in the next dialog.

  7. Click on "Next".

  8. Enter an alias name for the certificate in the subsequent dialog.



    The alias name helps you identify the certificate in the certificate store.

  9. Click on "Finish".
    You will now be returned to the certificate store. The certificate you have imported is displayed.
    You have imported a certificate into the certificate store of your portal.

Reset certificate store

If you no longer know the password for the certificate store (Portal > Portal properties > Certificates), you must reset the certificate store. (It is not possible to "reset" the password)

To reset the certificate store, replace your portal's certificate store at the file level with the certificate store that was delivered with Intrexx.

You can find your portal's certificate store here:

<intrexx installation directory><org><portalname>/internal/cfg/cacerts

You can find the certificate store that was delivered with Intrexx here:

<intrexx installation directory>/orgtempl/blank/internal/cfg/cacerts

Please note that any certificates you have added will be lost when the certificate store is reset.

Provide data

Intrexx can provide data for OData (and web services).

In this case, you must manually create your own keystore and save the certificate with the public and private key there.
To make data available via OData, Intrexx uses "Jetty". The keystore must be stored on the Jetty web server.
Further information on "Jetty" can be found at the following link: https://www.eclipse.org/jetty/