In Riva On-Premise 2.4.43.38373 or higher, Riva can be configured to perform advanced certificate validation. Among other options, a specific certificate thumbprint can be defined as a requirement for secure HTTP (HTTPS) communications.
By default, when establishing secure communication, a Riva connection accepts all certificates, including self-signed certificates, and ignores certificate validation errors.
The following Riva connections support validation of the server certificate defined per connection:
- Office 365 and Exchange.
- Salesforce.
- Microsoft Dynamics CRM.
- Oracle CRM On Demand.
- SAP Hybris Sales (SAP C4C).
Two levels of custom validation of the server certificate are available: application-level and connection-level overrides.
- Connection-level override validation. This is validation for one connection and overrides the application-level validation for that connection.
- Application-level validation. This validation applies as the default for all connections.
Connection-Level Validation (Overrides Application-Level Validation for a Connection)
To configure the certificate validation used for secure HTTP communication for a specific Riva connection:
- In the Riva Manager application, on the menu bar, select Setup.
- In the right pane, double-click a connection to edit it.
- In the window that appears, select the Advanced Options tab.
- On the Advanced Options page, configure the following settings.
  Secure HTTP Communication Certification Validation:
  - Certificate Validation Type: The type of security validation applied to the secure HTTP communications between the connection and external resources. Select one of the following:
    - Default: The application-level certificate validation type. If the application-level configuration has not been configured, the connection uses the Trust All validation type.
    - Standard: The standard certificate validation process, which fails to establish a secure channel when errors are encountered, including uninstalled self-signed certificates, a mismatch of the certificate CN (common name/hostname), certificate expiration, and an unknown certificate authority.
    - Trust All: Accepts any certificate and ignores certificate errors.
    - Thumbprint Override: Establishes a secure channel only if the configured certificate thumbprint matches the thumbprint of the certificate received from the web server.
  - Certificate Thumbprint: The unique certificate thumbprint that is used to identify a specific certificate.
- In the bottom right corner of the Connection Edit window, select Save.
Application-Level Validation
To configure the default certificate validation used for secure communication:
- Create or update an App.Setting file to apply the following advanced option:
  <add key="Certificate.Compliance.CertificateValidationType" value="Type" />, where Type is TrustAll or Standard.
  - TrustAll: The default value of the application-level validation if the option has not been changed. When establishing secure communication, Riva accepts all certificates, including self-signed certificates, and ignores certificate validation errors.
  - Standard: The standard certificate validation process, which fails to establish a secure channel when errors are encountered, including uninstalled self-signed certificates, a mismatch of the certificate CN (common name/hostname), certificate expiration, and an unknown certificate authority.
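The following Python sketch is an added example, not Riva's code: it models how the validation types described on this page resolve (including the Default fallback) and how a pasted thumbprint can be normalized before comparison. It assumes the thumbprint is the SHA-1 hash of the DER-encoded certificate, as Windows displays it; the function names, the ThumbprintOverride identifier and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed bytes standing in for the expected server certificate"
OTHER_CERT = b"constructed bytes standing in for a different certificate"

def thumbprint(der_bytes):
    """SHA-1 over the DER bytes (assumed to be what the thumbprint field holds)."""
    return hashlib.sha1(der_bytes).hexdigest().upper()

def normalize_thumbprint(text):
    """Keep hex digits only: drops spaces, colons and invisible characters
    (such as U+200E) that can be picked up when copying from a dialog."""
    return "".join(ch for ch in text if ch in "0123456789abcdefABCDEF").upper()

def effective_type(connection_type, app_type=None):
    """Resolve Default as the page describes: the application-level value,
    or TrustAll when no application-level value is configured."""
    if connection_type != "Default":
        return connection_type
    return app_type or "TrustAll"

def accepts(der_bytes, chain_errors, connection_type, app_type=None, pinned=""):
    """Return True if a secure channel would be established.
    chain_errors is a hypothetical list of standard-validation failures."""
    mode = effective_type(connection_type, app_type)
    if mode == "TrustAll":
        return True
    if mode == "Standard":
        return not chain_errors
    if mode == "ThumbprintOverride":  # identifier assumed for the UI option
        expected = normalize_thumbprint(pinned)
        if len(expected) != 40:  # an empty or truncated pin must never match
            return False
        # This sketch checks only the thumbprint; the page does not say
        # whether chain errors are also evaluated in this mode.
        return hmac.compare_digest(expected, thumbprint(der_bytes))
    raise ValueError(f"unknown validation type: {mode}")

# A pin as it might be pasted: lower case, spaced, with a leading U+200E.
PASTED_PIN = "\u200e" + " ".join(
    thumbprint(SERVER_CERT).lower()[i:i + 2] for i in range(0, 40, 2))
```

With these definitions, `accepts(OTHER_CERT, ["expired"], "Default")` is true because Default falls back to TrustAll, while the same call with `app_type="Standard"` is false.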