HTTPS digital certificate

This certificate provides trusted, secure communications between the user agent (CIC client application) and the service provider (CIC server).

Each time that the CIC server starts, it searches for its HTTPS certificate. If it does not find the HTTPS certificate, it creates the certificate, a private encryption key, and a public encryption key, using the Fully Qualified Domain Name (FQDN).

Tip: Genesys recommends using FQDN addressing for all servers and subsystem entities in a CIC environment.

The following diagram shows how a CIC Single Sign-On environment uses HTTPS certificates:

| Step | Description |
|------|-------------|
| 1 | Before a CIC client application can trust the messages from a CIC server, the administrator must copy the HTTPS certificate from the CIC server. |
| 2 | The administrator imports the HTTPS certificate from the CIC server into the Trusted Root Certificate Authorities Certificate Store on each machine that will host a CIC client application for Single Sign-On. A common method of importing the HTTPS certificate of the CIC server to client workstations is Group Policy through Microsoft Active Directory. |
| 3 | The CIC client application, now updated with the HTTPS certificate of the CIC server, can validate and trust communications from the CIC server. |
| 4 | The identity provider sends its own HTTPS certificates in Single Sign-On communications with the CIC client. Since the Trusted Root Certificate Authorities Certificate Store of the machine hosting the CIC client application already has entries for most Certificate Authorities, the CIC client application can validate and trust communications from the identity provider. |

Important!

The address that the CIC client application uses to access CIC server resources must match the address within the HTTPS certificate in the Trusted Root Certificate Authorities Certificate Store of the workstation hosting the CIC client application.

For example, if the CIC client application attempts to use a resource on the CIC server through a DNS A record of cic-server.example.com and the certificate in the Trusted Root Certificate Authorities Certificate Store of the workstation was generated with cic-serv1.example.com for a specific CIC server in a switchover pair, the validation of the certificate fails.
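A pre-deployment check for the mismatch described above, as an added example that is not part of the Genesys documentation: it compares the address a client will be configured with against the DNS names in a certificate. The sample certificate is constructed, and the function names, the PEM export format, and the port parameter are assumptions.

```python
import socket
import ssl

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert(),
# standing in for a certificate generated with the FQDN cic-serv1.example.com.
SAMPLE_CERT = {
    "subject": ((("commonName", "cic-serv1.example.com"),),),
    "subjectAltName": (("DNS", "cic-serv1.example.com"),),
}

def cert_dns_names(cert):
    """DNS names the certificate covers: SAN entries, else subject commonName."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]

def name_matches(pattern, address):
    """Label-by-label match; '*' may only stand for the whole left-most label."""
    p = pattern.split(".")
    a = address.lower().rstrip(".").split(".")
    if len(p) != len(a):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == a[1:]
    return p == a

def check_address(cert, address):
    """Return (ok, names): is the address the client will use in the certificate?"""
    names = cert_dns_names(cert)
    return any(name_matches(n, address) for n in names), names

def fetch_cert(address, port, exported_pem):
    """Fetch the live certificate, trusting only the exported file (assumed PEM).

    Hostname checking is off here so a mismatch is reported by check_address()
    instead of aborting the handshake. The port is deployment-specific.
    """
    ctx = ssl.create_default_context(cafile=exported_pem)
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=address) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for addr in ("cic-server.example.com", "cic-serv1.example.com"):
        ok, names = check_address(SAMPLE_CERT, addr)
        print(f"{addr}: {'match' if ok else 'MISMATCH'} (certificate names: {names})")
```

Running the check against every address that clients may be given (the DNS A record as well as each server in a switchover pair) shows before rollout which addresses would fail validation.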