Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Certificates are used to establish „trust“ between two parties. Certificates always consist of a public part and a private one. Usually the certificate issuer keeps the private portion secret and publishes in some form the public part.

Certificates always have a lifetime (also called expiry date). Sometimes it is long (multiple years) but the trend is to have shorter expiry (months). Only the owner of the private part can renew a certificate. Hence it is this parties‘ responsibility to renew a certificate

We have use cases where Pricefx owns the private part (e.g. SSL certificates for web services we expose) as well as where we only use/import a public part from someone else (e.g. SAML SSO).

Type of Certificate

Area

Purpose

Owner / Process

TLS/SSL certificates

(Pricefx exposes a web service or page)

Access to Pricefx operated web services. Anything under the domains http://pricefx.com  and http://pricefx.eu.

To secure the communication connection.

These certificates are all signed and trusted by a commonly acknowledged Certificate Authority (CA). I.e. even after a certificate changes, any client should trust the new certificate by a shared CA trust.

Browsers do this by default.

Mileage varies for other clients (in particular in integration space).

These certificates are maintained by Pricefx.

TLS/SSL certificates

(Pricefx as client)

Access to outside web services (customer or public).

To secure the communication connection. Just like above, but reverse.

Pricefx (should) trust all commonly used CA signed certificates.

However, if e.g. the customer uses self-signed certificates, they (their public part) need to be imported client-side to be trusted.

The owner of the certificate needs to renew and distribute the updated public parts before the expiry date.

Single sign-on

(SAML Certificate)

User login to Pricefx applications

Enables single sign-on to Pricefx applications. Certificates are used to verify the SAML signature.

Pricefx uses here the public certificate part from the Identity Provider.

Customer IT department issues this certificate and distributes it manually to Pricefx for installation or publishes it in the well-known federationmetadata.xml manifest (which needs to be set as trust anchor in Pricefx).

This explanation can be downloaded as a PowerPoint presentation here.

  • No labels

Found an issue in documentation? Write to us.