SSL Certificate

Once an FQDN is registered and associated, the endpoint custodian must purchase an SSL certificate from one of the main public Certificate Authorities (CA). The endpoint custodian cannot use a self-signed certificate without breaking SSL negotiations with the service. The certificate can be a named or wildcard certificate.

In the case of the example above, a certificate for webportal.xyzcorp.com or *.xyzcorp.com from Thawte, DigiCert, or Verisign would be more than sufficient. The endpoint custodian's budget determines the duration and type of certificate that they purchase. Once the certificate is purchased, it must be applied to the endpoint(s). Generally, it is easiest to use a reverse proxy between the service and endpoint(s) and apply the certificate there for simpler administration. If any one piece of the valid URL is missing, SSL negotiations between the service and the endpoint will fail.
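The following pre-deployment check is an added example, not part of the original documentation or the service's own tooling. It takes a decoded certificate in the dictionary shape used by Python's ssl module and reports the conditions described above that would break negotiation; the function names, the sample certificates, and the "Example Public CA" issuer are constructed for illustration, and treating issuer equal to subject as self-signed is a heuristic.

```python
import ssl
import time

def name_matches(pattern, host):
    """RFC 6125-style match: '*' covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # *.xyzcorp.com never covers xyzcorp.com or a.b.xyzcorp.com
    if p[0] == "*":
        # Assumed policy: refuse wildcards directly under a top-level label (e.g. *.com)
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def precheck(cert, fqdn, now=None):
    """Return a list of problems for a decoded certificate dict."""
    now = time.time() if now is None else now
    problems = []
    if cert.get("issuer") == cert.get("subject"):   # heuristic for self-signed
        problems.append("self-signed")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, fqdn) for n in names):
        problems.append("name-mismatch")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")
    return problems

# Constructed sample certificates (not real certificate data)
PUBLIC_CA = ((("organizationName", "Example Public CA"),),)
NAMED = {
    "subject": ((("commonName", "webportal.xyzcorp.com"),),),
    "issuer": PUBLIC_CA,
    "subjectAltName": (("DNS", "webportal.xyzcorp.com"),),
    "notAfter": "Jan 15 00:00:00 2035 GMT",
}
WILDCARD = dict(NAMED, subjectAltName=(("DNS", "*.xyzcorp.com"),))
SELF_SIGNED = dict(NAMED, issuer=NAMED["subject"],
                   notAfter="Jan 15 00:00:00 2020 GMT")

if __name__ == "__main__":
    for label, cert in (("named", NAMED), ("wildcard", WILDCARD),
                        ("self-signed", SELF_SIGNED)):
        print(label, precheck(cert, "webportal.xyzcorp.com") or "ok")
```
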

In the case of outbound SMS messages from the endpoint to the service, the same principles apply. However, the service typically has already configured and registered its SSL certificates and FQDNs, so nothing is needed on the part of the endpoint custodian.

See also Using SSL.