Secure HTTP Communication Certification Validation


In Riva On-Premise 2.4.43.38373 or higher, Riva can be configured to perform advanced certificate validation. Among other options, a specific certificate thumbprint can be defined as a requirement for secure HTTP (HTTPS) communications.

By default, when establishing secure communication, a Riva connection accepts all certificates, including self-signed certificates, and ignores certificate validation errors.

The following Riva connections support per-connection defined validation of the server certificate:

  • Office 365 and Exchange.
  • Salesforce.
  • Microsoft Dynamics CRM.
  • Oracle CRM On Demand.
  • SAP Hybris Sales (SAP C4C).

Two levels of custom validation of the server certificate are available: application-level and connection-level overrides.

Connection-Level Validation (Overrides Application-Level Validation for a Connection)

To configure the certificate validation used for secure HTTP communication for a specific Riva connection:

  1. In the Riva Manager application, on the menu bar, select Setup.

  2. In the right pane, double-click a connection to edit it.

  3. In the window that appears, select the Advanced Options tab.

  4. On the Advanced Options page, configure the following settings.

    Secure HTTP Communication Certification Validation:

    • Certificate Validation Type: The type of security validation applied to the secure HTTP communications between the connection and external resources.
      Select one of the following:
      • Default: The application-level certificate validation type. If the application-level configuration has not been configured, the connection uses the Trust All validation type.
      • Standard: The standard certificate validation process. Fails to establish a secure channel when errors are encountered, including: uninstalled self-signed certificates, mismatch of certificate CN (common name/hostname), certificate expiration, and unknown certificate authority.
      • Trust All: Allows communication with a server that presents any certificate and ignores certificate errors.
      • Thumbprint Override: Establishes a secure channel only if the configured certificate thumbprint matches the thumbprint of the certificate received from the web server.
    • Certificate Thumbprint: The unique certificate thumbprint that is used to identify a specific certificate.
  5. In the bottom right corner of the Connection Edit window, select Save.
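
The three non-default validation types, modelled as an added Python example (not Riva code) that can also be used to confirm which thumbprint a server presents before it is entered in the Certificate Thumbprint field. It assumes the thumbprint is the SHA-1 hash of the DER-encoded certificate, as shown by Windows certificate tools, and that Thumbprint Override replaces CA and hostname checks with the thumbprint comparison; all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed sample: stand-in bytes for a DER certificate, and its thumbprint
# as it might be pasted from a GUI (spaces plus an invisible U+200E mark).
SAMPLE_DER = b"abc"
SAMPLE_PASTED = "\u200ea9 99 3e 36 47 06 81 6a ba 3e 25 71 78 50 c2 6c 9c d0 d8 9d"

def normalize_thumbprint(text):
    """Keep hex digits only, so spaces, colons and invisible characters drop out."""
    return "".join(ch for ch in text if ch in "0123456789abcdefABCDEF").upper()

def thumbprint(der_bytes):
    """SHA-1 of the DER-encoded certificate (assumed thumbprint format)."""
    return hashlib.sha1(der_bytes).hexdigest().upper()

def thumbprint_matches(der_bytes, configured):
    """Compare the presented certificate against the configured thumbprint."""
    return hmac.compare_digest(thumbprint(der_bytes), normalize_thumbprint(configured))

def make_context(validation_type):
    """Client TLS context modelling one validation type (hypothetical helper)."""
    ctx = ssl.create_default_context()  # CA chain, expiry and hostname checks on
    if validation_type == "Standard":
        return ctx
    if validation_type in ("Trust All", "Thumbprint Override"):
        # Assumption: the override replaces CA and hostname checks with the pin.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    raise ValueError("unknown validation type: " + validation_type)

def check_server(host, validation_type, configured="", port=443):
    """Connect and report whether the channel would be accepted."""
    ctx = make_context(validation_type)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except ssl.SSLError:
        return False  # Standard: a validation error means no secure channel
    if validation_type == "Thumbprint Override":
        return thumbprint_matches(der, configured)
    return True
```
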

Application-Level Validation

To configure the default certificate validation used for secure communication:

  • Create or update an App.Setting file to apply the following advanced option:

    • <add key="Certificate.Compliance.CertificateValidationType" value="Type" />, where Type is TrustAll or Standard.

      • TrustAll: The default value of the application-level validation if the option has not been changed. When establishing secure communication, it accepts all certificates, including self-signed certificates, and ignores certificate validation errors.
      • Standard: The standard certificate validation process. Fails to establish a secure channel when errors are encountered, including: uninstalled self-signed certificates, mismatch of certificate CN (common name/hostname), certificate expiration, and unknown certificate authority.
