...

As part of your User Acceptance Testing, it's important you allow time to test that you can connect over Mutual Authentication in the greenID production environment. Your greenID system will be migrated to production approximately 2 weeks after final sign-off of your greenID configuration, so this timeframe plus a testing period should be factored into any project planning.

Setup

We use the following process to configure mutual authentication for test and then for production.
There are two options to choose from, depending on your needs and current setup. Our preferred option is for us to generate and sign a certificate using the Edentiti private certificate authority.

If you wish to use a client certificate signed by the Edentiti private certificate authority:

  1. Send us a certificate signing request (CSR) for your application infrastructure.
  2. We will generate a certificate using the CSR, pass that certificate to you and then add that certificate to our trusted list of certificates for your test or production account.
  3. You need to add that certificate to your application server as a client certificate.
  4. To test that the trust has been set up, retrieve the appropriate MSSL WSDL from the server that has the certificate installed on it.


If you are using a client certificate signed by an external certificate authority:

  1. Provide us with the client certificate that is installed on your server and the public certificate of the signing certificate authority.
  2. We will add that certificate to our trusted list of certificates for your test or production account.
  3. To test that the trust has been set up, retrieve the appropriate MSSL WSDL from the server that has the certificate installed on it.
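
The client-side steps above (creating the CSR, checking the returned certificate against your key, and the WSDL retrieval test) can be scripted as below. This is an added example, not part of the greenID documentation; the key type (RSA 2048), subject, file names and WSDL URL are assumptions or placeholders.

```shell
#!/usr/bin/env bash
# Added example. Key type (RSA 2048), subject, file names and the WSDL URL are
# assumptions/placeholders; use the values agreed for your account.

# Step 1: generate a private key (it never leaves your server) and the CSR to send.
make_csr() {  # usage: make_csr <key.pem> <csr.pem> <subject>
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1" -out "$2" -subj "$3" 2>/dev/null && chmod 600 "$1"
}

# Print the public key (PEM) held in a private key, a CSR or a certificate.
pubkey_pem() {  # usage: pubkey_pem key|csr|cert <file>
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Before installing: confirm the certificate you received was issued for the
# key you kept. A mismatch makes the TLS client handshake fail.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
    _cert_pub=$(pubkey_pem cert "$1") && _key_pub=$(pubkey_pem key "$2") &&
        [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# Final step: request the MSSL WSDL while presenting the client certificate.
# Succeeds only if the server accepts the certificate and returns a WSDL.
fetch_wsdl() {  # usage: fetch_wsdl <wsdl-url> <cert.pem> <key.pem> <out-file>
    curl --silent --show-error --fail --cert "$2" --key "$3" \
        --output "$4" "$1" && grep -q 'definitions' "$4"
}

# Typical sequence (not executed here; URL is a placeholder):
#   make_csr client.key client.csr "/CN=app.example.test/O=Example Pty Ltd"
#   ... send client.csr, receive client.crt ...
#   cert_matches_key client.crt client.key || echo "certificate/key mismatch"
#   fetch_wsdl "https://<greenID-host>/<MSSL-WSDL-path>" client.crt client.key out.wsdl
```

Run `fetch_wsdl` from the same server that will make the web service calls, so the test exercises the certificate store and network path used in production.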

Password

Even without Mutual Authentication, the web service calls are conducted over HTTPS, ensuring that the contents are safe from observers, so a second option is to provide a password with the web service calls.

...