How to get a client certificate/client authority for outgoing TLS/SSL connections? (Deployed App)

0
Hello Mendix community! I wonder if anyone knows where I can get a client certificate (PKCS12 format) or a client authority (PEM format) for outgoing SSL/TLS connections when running a deployed application in the cloud? I noticed that I could use the EmailConnector without any issues locally, but when running the application in the cloud I need to re-configure the whole Email Connector module and set up an account again, but I also need this certificate for it to work.

B.R David Sävenmark
asked
1 answers
1

Hi David,

you can use OpenSSL to generate a .CSR (signing request) which can be signed by a CA (certificate authority), so it’s verified by a trusted party.

The PKCS12 is sort of a zipfile containing the private key and signed certificate.

For incoming connections, creating your own CA with OpenSSL is safest, because this way, you are the only one that can sign certificates with this CA. If you take a verified CA, in theory, everyone can have access to your application.

So in short for outgoing connections:

  1. Create CSR with OpenSSL (which will also give you a private key)
  2. Get the CSR to be signed by a verified CA
  3. Combine the PEM and Private key into PKCS12

So in short for incoming connections:

  1. Create CSR with OpenSSL (which will also give you a private key), and create your own CA (this will result in the PEM needed for the outgoing connection)
  2. Sign the certificate with your own CA
  3. Combine the PEM and Private key into PKCS12 (this is the certificate needed to connect from elsewhere to your application)

Have a look at the Mendix documentation.

answered
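
The three outgoing-connection steps from the answer above as OpenSSL commands, added here as an example that is not part of the original thread. A throwaway local CA stands in for the verified CA of step 2; the file names, common name and password are constructed values.

```shell
#!/bin/sh
# Added example. File names, the CN and the password are constructed values;
# the local test CA only stands in for the CA that signs the CSR in step 2.

make_client_p12() {   # usage: make_client_p12 <dir> <common-name> <p12-password>
    dir=$1; cn=$2; pw=$3
    ( cd "$dir" && umask 077 &&   # key files readable by their owner only
      # Step 1: private key + CSR. Only client.csr is ever sent to the CA.
      openssl req -new -newkey rsa:2048 -nodes -keyout client.key \
          -out client.csr -subj "/CN=$cn" 2>/dev/null &&
      # Step 2 (stand-in): create a test CA and let it sign the CSR.
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Example Test CA" -days 30 2>/dev/null &&
      openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key \
          -CAcreateserial -out client.pem -days 30 2>/dev/null &&
      # Step 3: signed certificate + private key (+ CA cert) into PKCS12.
      openssl pkcs12 -export -inkey client.key -in client.pem \
          -certfile ca.pem -out client.p12 -passout "pass:$pw" )
}

check_client_p12() {  # usage: check_client_p12 <dir> <p12-password>
    dir=$1; pw=$2
    ( cd "$dir" &&
      # The certificate chains to the CA that signed it.
      openssl verify -CAfile ca.pem client.pem >/dev/null 2>&1 &&
      # The certificate carries the public half of our private key.
      [ "$(openssl x509 -in client.pem -noout -pubkey)" = \
        "$(openssl pkey -in client.key -pubout)" ] &&
      # The bundle opens with the password and its integrity MAC verifies.
      openssl pkcs12 -in client.p12 -passin "pass:$pw" -noout 2>/dev/null )
}

# Demo run in a scratch directory.
tmp=$(mktemp -d) && make_client_p12 "$tmp" example-client 'constructed-pass' &&
    check_client_p12 "$tmp" 'constructed-pass' && echo "client.p12 OK in $tmp"
```

`pass:` puts the password on the command line where other local users can see it in the process list; OpenSSL also accepts `env:VAR` and `file:path` for the same options.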