Usage of Digital Certificates |
|
The various aspects within Process Platform where digital certificates are used are as follows:
Feature |
Description |
Store |
|---|---|---|
OpenText CARS |
OpenText CARS utilizes a self-signed certificate to secure LDAP connection. This certificate is used only when OpenText CARS is being used in the SSL mode (ldaps://). |
<OpenText CARS_INSTALL_DIR>/certificates/<MACHINE_NAME>-cert.cer, see also SSL Options on OpenText CARS. |
Certificate based login for users |
User certificates used for logging into a secured application. |
User certificate store. For example: Active Directory. |
Application Signer |
Certificates used for signing applications to ensure the integrity of the application. |
This certificate must be provided while signing. Refer to Application Signing for more information. |
UDDI Connector |
Certificates used for server authentication (SSL/TLS). |
Trust anchors are stored in Certificate store in the Security Administration task. |
| UDDI Connector | Certificates used for client authentication (SSL/TLS). |
See Using SSL in Platform connectors for more information. |
| HTTP Connector | Certificates used for server authentication (SSL/TLS). | Trust anchors are stored in the Certificate store in Security Administration task. |
| HTTP Connector | Certificates used for client authentication (SSL/TLS). | See Using SSL in Platform connectors. |
Enterprise Service Bus (ESB) |
Certificates used for signing SOAP messages. These SOAP messages are exchanged between service groups to ensure secure transfer. |
A Java keystore, see Enabling SSL Communication for more information. |
Trusted publisher certificate |
Certificate issued guarantee application integrity. This certificate is used for signing the application packages released by the software vendors such as OpenText. |
Code Signing Certificate store in Security Administration task. |
Process Platform Monitor Certificate |
Every installation has a self-signed certificate called monitor certificate and this certificate is unique for every installation.The monitor certificate behaves like a Certification Authority (CA) in Process Platform and issues certificates to service groups. |
<Process_Platform_install_dir>\certificates\keystore\<MACHINE_NAME>_monitor.p12, also contained in <Process_Platform_install_dir>\certificates\truststore\CordysDefaultTrustStore.p12 |
SSO |
The Process Platform Monitor issues a certificate to the SSO service group. This certificate is used for signing SAML assertions issued by Process Platform. |
Single Sign-on service group configuration in LDAP. |