Scenario 5 - Encrypted connection for Intrexx-internal communication via REST

Architecture

In connection with the REST API, two components are relevant in Intrexx: Intrexx Portal Manager and Portal servicee)

The portal has its own web server on which the REST API runs. The portal uses certificates for communication. The Portal Manager connects to the Portal service.

Certificate types

CA-signed certificates If you use a CA-signed certificate, you do not need to take any special measures other than renewing your certificate when the expiration date is reached (see below).

Self-signed certificates If you use a self-signed certificate, you must confirm (once) that you trust the certificate when you start the Portal Manager. If you generate the self-signed certificate via Intrexx (see below), it is valid for three years.

Renew certificates

You may need to renew or replace your certificate. This may be the case, for example, if the expiration date of your certificate has been reached or if the URL or IP address to which your certificate was issued has changed.

You can replace certificates with the aid of a script included with Intrexx. When you execute this script, a new self-signed certificate will be generated automatically.

The script is located in the directory <installation directory>/bin/<operating system>/createcertificate

The script can be called up with the following parameters:

-h, --help: Opens a help text in the console

-p, --portal: If a certificate is to be exchanged for a portal, the portal directory must be specified here.

An example script call for replacing a portal certificate could look like this: createcertificate.sh -p /opt/intrexx/org/portal --san dns:www.example.org ip:127.0.0.1