Communication Security
Tweaks to Client Application Config
Users also have a number of security-related config options within the client application.
Scenario 1: TCP connection with certificate in directory
Users wishing to load a certificate from a file should:
- Set UseLocalCertificate to false, and
- Set ClientCertificate & ClientCertificatePassword.
Both need to be set so that the client certificate can be accessed and used for authenticated TCP connections.
Additionally, TrustedServers is needed for the tray application to recognize integrator applications that are known to be trusted. If all integrator applications can be trusted, it can either be left empty or removed.
NB: The public key of the server certificate should be set as a value.
{
"UseNamedPipe": false,
"UseLocalCertificate": false,
"ClientCertificate": "MyClient.pfx",
"ClientCertificatePassword": "password",
"TrustedServers": [
"MIGJAoGBAJkzpXgmu5TeNR5mdatFZEzaTyMvKp91rUV5IsgMBAAE="
]
}
Scenario 2: TCP connection with certificate from local machine or user store
To load a certificate from the machine or user certificate storage:
- Set UseLocalCertificate to true; ClientCertificate and ClientCertificatePassword can be removed.
For the certificate to be found, the ClientCertificateThumbprint must provide the thumbprint of the certificate stored in the keystore.
Additionally, TrustedServers is required for the tray application to recognize trusted integrator applications. However, like in Scenario 1, if all integrator applications can be trusted, it can also be left empty or removed. The public key of the server certificate should be added as a value.
{
"UseNamedPipe": false,
"UseLocalCertificate": true,
"TrustedServers": [
"MIGJAoGBAJkzpXgmu5TeNR5mdatFZEzaTyMvKp91rUV5IsgMBAAE="
],
"ClientCertificateThumbprint": "3A396124E4435F661D8B211EA5AE118C132F5B34"
}
Scenario 3: Secure Named pipe communication with certificate from local machine or user store
In this scenario, SecureCommunication must be set to true in order to enable secure communication.
If the user wants to load a certificate from a local machine or user certificate storage:
- ClientCertificateThumbprint needs to provide the thumbprint of the certificate stored in the keystore, thereby allowing the certificate to be found.
- TrustedServers is needed for the tray application to recognize integrator applications that are known to be trusted. It can be left empty or removed if all integrator applications may be trusted.
NB: The public key of the server certificate should be saved as a value.
{
"UseNamedPipe": true,
"SecureCommunication": true,
"TrustedServers": [
"MIGJAoGBAJkzpXgmu5TeNR5mdatFZEzaTyMvKp91rUV5IsgMBAAE="
],
"ClientCertificateThumbprint": "3A396124E4435F661D8B211EA5AE118C132F5B34"
}
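A pre-deployment check for the three scenarios above, as an added example that is not part of the client application or its tooling. It assumes strict JSON, a 40-hex-character thumbprint and base64 TrustedServers entries (as the sample values suggest), and that a named-pipe config always takes its certificate from the store as in Scenario 3; lint_client_config and the sample configs are hypothetical names and constructed values.

```python
import base64
import binascii
import json
import re

# Assumption: thumbprints are 40 hex characters, as in the page's sample value.
THUMBPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")

def lint_client_config(text):
    """Return findings for one client config; an empty list means none."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not strict JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    findings = []
    if cfg.get("UseNamedPipe") is True:
        # Scenario 3: the pipe is only secured when SecureCommunication is true.
        if cfg.get("SecureCommunication") is not True:
            findings.append("UseNamedPipe is true but SecureCommunication is not true")
        from_store = True  # assumption: Scenario 3 always uses the certificate store
    else:
        from_store = cfg.get("UseLocalCertificate") is True
    if from_store:
        # Scenarios 2 and 3: the certificate is found in the store by thumbprint.
        if not THUMBPRINT_RE.fullmatch(str(cfg.get("ClientCertificateThumbprint", ""))):
            findings.append("ClientCertificateThumbprint missing or not 40 hex characters")
    else:
        # Scenario 1: the certificate is loaded from a file.
        for key in ("ClientCertificate", "ClientCertificatePassword"):
            if not cfg.get(key):
                findings.append(f"{key} is required when UseLocalCertificate is false")
    servers = cfg.get("TrustedServers") or []
    if not servers:
        findings.append("TrustedServers empty or absent: all integrator applications are trusted")
    for i, value in enumerate(servers):
        try:  # Assumption: entries are base64, as the page's sample suggests.
            base64.b64decode(str(value), validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"TrustedServers[{i}] is not valid base64")
    return findings

# Constructed sample configs (values are placeholders, not real keys).
SAMPLE_OK = '{"UseNamedPipe": false, "UseLocalCertificate": true, "TrustedServers": ["Y29uc3RydWN0ZWQ="], "ClientCertificateThumbprint": "0123456789ABCDEF0123456789ABCDEF01234567"}'
SAMPLE_WEAK = '{"UseNamedPipe": true, "SecureCommunication": false}'

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, lint_client_config(sample))
```

An empty TrustedServers list is reported as a finding rather than an error, since the page allows it when every integrator application is trusted.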