...
Type of Certificate | Area | Purpose | Owner / Process | Resources |
---|---|---|---|---|
TLS/SSL certificates (Pricefx exposes a web service or page) | Access to Pricefx-operated web services. Anything under the domains http://pricefx.com and http://pricefx.eu. | To secure the communication connection. These certificates are all signed and trusted by a commonly acknowledged Certificate Authority (CA). That is, even after a certificate changes, any client should trust the new certificate through the shared CA trust. Browsers do this by default. Mileage varies for other clients (in particular in the integration space). | These certificates are maintained by Pricefx. | https://api.pricefx.com/rest-api/authentication/ Pricefx only: https://pricefx.atlassian.net/wiki/spaces/EN/pages/3673391182/JWT+authentication+with+external+JWT+token+to+pricefx+partition |
TLS/SSL certificates (Pricefx as client) | Access to outside web services (customer or public). | To secure the communication connection. As above, but in the reverse direction. Pricefx (should) trust all certificates signed by commonly used CAs. However, if, for example, the customer uses self-signed certificates, their public parts need to be imported on the client side to be trusted. | The owner of the certificate needs to renew it and distribute the updated public parts before the expiry date. | |
Single sign-on (SAML certificate) | User login to Pricefx applications. | Enables single sign-on to Pricefx applications. Certificates are used to verify the SAML signature. Here Pricefx uses the public part of the Identity Provider's certificate. | The customer's IT department issues this certificate and either distributes it manually to Pricefx for installation or publishes it in the federationmetadata.xml manifest (which needs to be set as a trust anchor in Pricefx). | |
This explanation can be downloaded as a PowerPoint presentation here.
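
The "Pricefx as client" row can be reproduced locally with the `openssl` CLI. The script below is an added example, not Pricefx tooling: it creates a constructed self-signed certificate, shows that a client rejects it until its public part is imported as a trust anchor, and checks the remaining validity against a renewal window. The host name `erp.customer.example`, the 30-day lifetime, the function names and the empty trust store standing in for "not imported" are assumptions.

```shell
#!/bin/sh
# Added example (not Pricefx tooling). Requires the openssl CLI (1.1.0 or newer).

# Create a constructed self-signed certificate valid for $2 days in directory $1.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=erp.customer.example" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Succeeds if certificate $1 chains to the trust anchor file $2.
# Without $2 the trust store is empty (assumption: nothing was imported).
is_trusted() {
  if [ -n "${2:-}" ]; then
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1
  fi
}

# Succeeds if certificate $1 expires within the next $2 days.
# An unreadable file also counts as "expiring", so the check fails closed.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) || return 1
  make_self_signed "$dir" 30 || { rm -rf "$dir"; return 1; }
  cert="$dir/cert.pem"

  if is_trusted "$cert"; then echo "before import: trusted"
  else echo "before import: rejected"; fi

  # "Importing the public part" means adding cert.pem (never key.pem)
  # to the trust anchors used by the client.
  if is_trusted "$cert" "$cert"; then echo "after import: trusted"
  else echo "after import: rejected"; fi

  if expires_within "$cert" 14; then echo "renew now: under 14 days left"
  else echo "more than 14 days of validity left"; fi

  rm -rf "$dir"
}

demo
```

Only `cert.pem` is ever handed to the client; the owner keeps `key.pem`, and after each renewal the new public part must be distributed again before the old one expires.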