Scenario 5 - Encrypted connection for Intrexx-internal communication via REST

Architecture

In connection with the REST API, two components are relevant in Intrexx: Intrexx Portal Manager and Portal Servicee)

The portal has its own web server running the REST API. The portal uses certificates for communication. The Portal Manager connects to the Portal service.

Certificate types

CA-signed Certificate If you are using a CA-signed certificate, you do not need to take any special measures except to renew your certificate when it expires (see below).

Self-signed Certificate If you use a self-signed certificate, you must confirm (once) that you trust the certificate when you start the Portal Manager. If you have generated the self-signed certificate via Intrexx (see below), it will be valid for three years.

Renew certificates

You may need to renew or replace your certificate. This may be the case, for example, if the certificate has expired or if the URL or IP address, which the certificate was created for, has changed.

You can replace certificates with the aid of a script included with Intrexx. When you execute this script, a new self-signed certificate will be generated automatically.

You can find the script in the <installation directory>/bin/<operating system>/createcertificate

The script can be called with the following parameters:

-h, --help: Opens a help text in the console

-p, --portal: If you want to replace a portal certificate, the portal directory must be specified here.

An example script call for replacing a portal certificate could look like this: createcertificate.sh -p /opt/intrexx/org/portal --san dns:www.example.org ip:127.0.0.1