HTTPS configuration

If no HTTPS is provided, Genero Web Services (GWS) does the HTTPS request transparently.

For GWS, use an implicit certificate when no HTTP configuration is provided. For stronger security, you can provide HTTPS configuration with your own certificates and CA list.

The implicit client certificate

For the implicit certificate, no configuration is required. GWS creates a temporary certificate for the HTTPS request. The temporary certificate is valid for the application session.

The explicit client certificate

For the explicit certificate, configure your certificate with fglprofile entries.

For access to a specific site, specify security.ident.certificate and security.ident.privatekey.

If you use the same certificate across all sites, specify security.global.certificate and security.global.privatekey.

Certificate authorities

Certificate authorities are provided by the system (the operating system keystore). If they are not provided by the system, they are looked for in FGLDIR/web_utilities/certs. Genero Web Services will laod the CA from the directories listed in the fglprofile entry "security.global.ca.lookuppath". This entry is a list of directories, separated by a semicolon.

You can configure your CA list with the fglprofile entry security.global.ca.