Certificates and encrypted connections in Intrexx


Encrypted connections
You can configure encrypted connections (SSL/TSL) with Intrexx. We explicitly recommend that you configure an encryption connection in some scenarios, such as the connection between the front-end web server and the client (browser).

To configure encrypted connections, you need certificates. Certificates are files that contain a range of information including the public and, if applicable, the private key.

You can obtain certificates from certificate authorities. You can also use so-called self-signed certificates.

Intrexx as the data provider (Intrexx as the server)
Intrexx can function as a data provider. This is the case, for example, if you provide data to an external consumer via an OData connection. So that an encrypted connection between Intrexx and the consumer can be established, you need to save a certificate in Intrexx that contains both the public and private key. (Please refer to the chapter "Provide data" for more information.)
A similar scenario is represented by the connection between the front-end web server and the client (browser). In this case, Intrexx does not (directly) provide the data but rather the front-end web server. But a certificate with a public and private key needs to be added (to the front-end web server here as well. (Please refer to "Scenario 1 - Encrypted connection between the front-end web server and browser".)

Intrexx as the data consumer (Intrexx as the client)
Intrexx can function as a data consumer. Intrexx provides numerous integration options that allow you to display and process data from external systems. In this case, you only need to save certificates with an public key in Intrexx to establish an encrypted connection to the external system. (Please refer to the chapter "Provide data" for more information.)

Storage location for certificates - Keystores

Intrexx as the client If Intrexx functions as the client, you must store the required certificates in the (central) portal certificate store (Portal menu > Portal properties > Certificates).
The certificate store contains (as of Intrexx 19.03) a range of certificates from trusted certificate authorities. These are included with the JDK provided with Intrexx. Therefore, if you would like to configure an encrypted connection with Intrexx using a certificate signed by a trusted certificate authority, you do not need to manually add this certificate to the certificate store.

Intrexx as the server If Intrexx functions as the server, you need to manually create a certificate store. Where you should create the certificate store depends on the respective data integration.

Front-end web server You will normally use a front-end web server (IIS or NGINX) for live portals. The certificate is saved in the front-end web server in this case.

Formats for keystores Certificate stores (keystores) are created in the .JKS or PKCS12 format.