Scenario 5 - Encrypted connection for Intrexx-internal communication via REST

Architecture
In the context of the REST API, three components are relevant in Intrexx: Im Zusammenhang mit der REST-API sind in Intrexx drei Komponenten relevant: Intrexx Portal Manager, the portal (service) and the supervisor (service).
The supervisor and portal service each have their own web server where the REST API runs. They use certificates for the communication. The Manager connects to both services.

Certificate types
CA-signed certificats If you are using a CA-signed certificate, you do not need to take any special measures except to renew your certificate when it expires (see below).
Self-signed certificates If you use a self-signed certificate, you must confirm (once) that you trust the certificate when you start the Portal Manager. If you have generated the self-signed certificate via Intrexx (see below), it will be valid for three years.



Renew certificates
You may need to renew or replace your certificate. This may be the case, for example, if the certificate has expired or if the URL or IP address, which the certificate was created for, has changed.

You can replace certificates with the aid of a script included with Intrexx. When you execute this script, a new self-signed certificate will be generated automatically.
You can find the script in the <installation directory>/bin/<operating system>/createcertificate

The script can be called with the following parameters:
-h, --help: Opens a help text in the console
-p, --portal: If you want to replace a portal certificate, the portal directory must be specified here.
-s, --supervisor: If you want to replace the server certificate, this flag must be set.
-a, --san: The Subject Alternative Names must be specified here. The Subject Alternative Names must have either "ip:" or "dns:" as a prefix.


An example script call for replacing the supervisor certificate could look like this:
createcertificate.sh -s --san dns:www.example.org ip:127.0.0.1

An example script call for replacing a portal certificate could look like this: createcertificate.sh -p /opt/intrexx/org/portal --san dns:www.example.org ip:127.0.0.1