Web services / Security |
If no HTTPS is provided, Genero Web Services (GWS) does the HTTPS request transparently.
For GWS, use an implicit certificate when no HTTP configuration is provided. For stronger security, you can provide HTTPS configuration with your own certificates and CA list.
For the implicit certificate, no configuration is required. GWS creates a temporary certificate for the HTTPS request. The temporary certificate is valid for the application session.
For the explicit certificate, configure your certificate with fglprofile entries.
For access to a specific site, specify security.ident.certificate and security.ident.privatekey.
If you use the same certificate across all sites, specify security.global.certificate and security.global.privatekey.
Certificate authorities are provided by the system (the operating system keystore). If they are not provided by the system, they are looked for in FGLDIR/web_utilities/certs. Genero Web Services will laod the CA from the directories listed in the fglprofile entry "security.global.ca.lookuppath". This entry is a list of directories, separated by a semicolon.
You can configure your CA list with the fglprofile entry security.global.ca.