leandre | 2022-04-05 18:43:37 UTC | #1
Hello,
I'm looking to add mTLS to my web service that should be only accessible using the Genesys Cloud data actions. I've already added the other security methods out of the 4 recommended (https://help.mypurecloud.com/articles/security-for-data-actions/) and I only have mTLS left.
1- I was wondering what's the best approach to auto update the public CA certificates that you provide. I've seen that the public cert may change at any time, but how can we make sure we always have the newest one installed, obviously, without having to rely on personnel to declare that a feature is no longer working as intended? Is there any way to auto update the public cert on a Windows server? Do you give a notice a few days in advance to tell us to update the certificates?
2- Also, do you have any tutorial on how we can add that mutual authentication in IIS? Right now, I have imported the latest public certificates. I disabled Anonymous authentication and added require SSL in the SSL settings. What else do I have to modify in the configuration to only accept the PureCloud data action certificate?
Thanks a lot.
Jason_Mathison | 2022-04-05 19:36:02 UTC | #2
Hi leandre,
For #1 you generally only need to install one certificate, unless you are supporting Genesys Cloud organizations that are in more than one region. The certificate that you are installing is a root certificate that is good until 2039. The actual certificate that is used at run time is signed by that certificate, so new certificates shouldn't require any work on your part for a very long time.
For #2 we do not have a tutorial as we did not think it was appropriate for us to try to document a "correct way" across an innumerable number of different use cases and web servers. Googling for "IIS mtls" I found this document that seems to cover generally what you might want: https://support.polycom.com/content/dam/polycom-support/products/voice/polycom-uc/other-documents/en/mutual-tls-provisioning-with-iis-tb52609.pdf
One key thing from that document is to set "client certificates" as required.
--Jason
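
The two points in the reply above, as an added PowerShell example (not part of the original posts and not Genesys code): it reports how long the imported root CA remains valid and sets the IIS site to require a client certificate. The site name, the thumbprint placeholder and the 90-day warning threshold are assumptions to replace with your own values.

```powershell
# Added example. Assumes IIS with the WebAdministration module and that the
# root CA from the Genesys help article is already imported on this server.
param(
    [string]$SiteName       = 'Default Web Site',      # assumption: your IIS site name
    [string]$RootThumbprint = '<ROOT-CA-THUMBPRINT>',  # placeholder: thumbprint of the imported root
    [int]$WarnDays          = 90                       # assumption: alert threshold in days
)

Import-Module WebAdministration

# 1. Confirm the root CA is in the machine trust store and report its
#    remaining validity, so expiry is caught by a scheduled check and not
#    by a failing data action.
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $RootThumbprint }
if (-not $root) {
    throw "Root CA $RootThumbprint not found in Cert:\LocalMachine\Root"
}
$daysLeft = [math]::Floor(($root.NotAfter - (Get-Date)).TotalDays)
Write-Output "Root '$($root.Subject)' expires $($root.NotAfter) ($daysLeft days left)"
if ($daysLeft -lt $WarnDays) {
    Write-Warning "Root CA expires in under $WarnDays days; plan its replacement"
}

# 2. Require TLS and a client certificate for the site (the "client
#    certificates: Require" option in the IIS SSL Settings pane).
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' `
    -Value 'Ssl,SslNegotiateCert,SslRequireCert'

# 3. Read the setting back to confirm it was applied.
$flags = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'
Write-Output "sslFlags for '$SiteName': $flags"
```

Requiring a client certificate makes IIS accept any certificate that chains to a root the server trusts, so the web service should also compare the presented certificate's issuer with the imported root before handling the request.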
This post was migrated from the old Developer Forum.
ref: 14176