Pega Robotics Solution exposed as a web service using HTTPS
Hi everyone!
I've setup a solution which uses the Service item to expose parts of the solution as a web service and generates the WSDL for the client to consume (attached jpeg of the bits related to my questions).
I've tested successfully using HTTP service binding. I need to add security and use HTTPS before deploying in a production environment.
I can add HTTPS to the service binding and it gives you an option of using a certificate. I've asked for a certificate to be created in-house, but have never dealt with their creation before.
They've asked me to generate Certificate Signing Request (CRS). Is there a way to generate this within Pega Robotics Studio? Does it use a version of IIS that I would need to generate it from?
When I'm given the certificate do I need to add/change anything for the Service Contracts listed in the Service?
When setting the Client Credential to Certificate under the HTTPS service binding are there any other modifications I should update?
Do I need to handle any of the HTTPS security within an automation or will it be as seamless as it is to use HTTP once I have the certificate?
Is a certificate even the best way to enable HTTPS communication in a Pega Robotic solution exposed as a web service?
Thank you for any assistance or ideas!
Ava
Pegasystems Inc.
US
Ava,
Please see the response below in bold.
They've asked me to generate Certificate Signing Request (CRS). Is there a way to generate this within Pega Robotics Studio? Does it use a version of IIS that I would need to generate it from?
The certificate should come from the IIS server that is hosting the web service. The certificate is used to set up trust between the client machine (Pega Studio or Pega Runtime machine) and the IIS server that provides response to the web service request.
When I'm given the certificate do I need to add/change anything for the Service Contracts listed in the Service?
You shouldn't have to adjust the service contract if the same service contract setup is being used on the https host server.
Ava,
Please see the response below in bold.
They've asked me to generate Certificate Signing Request (CRS). Is there a way to generate this within Pega Robotics Studio? Does it use a version of IIS that I would need to generate it from?
The certificate should come from the IIS server that is hosting the web service. The certificate is used to set up trust between the client machine (Pega Studio or Pega Runtime machine) and the IIS server that provides response to the web service request.
When I'm given the certificate do I need to add/change anything for the Service Contracts listed in the Service?
You shouldn't have to adjust the service contract if the same service contract setup is being used on the https host server.
When setting the Client Credential to Certificate under the HTTPS service binding are there any other modifications I should update?
You should install the certificate on to the client machine (the Pega Studio or Runtime machine that you are using to test an access the web service with).
Once you have the certificate installed, you have two options.
You can navigate to the location of the certificate using the ClientCertificate browser option under the security section of the service client binding,
Or you can specify the certificate store location using the drop down options under the security section
- FindValue
- FindType
- StoreName
- StoreLocation
Please keep in mind before deploying the project, the same store location will be expected on the Runtime machine as entered during development.
Do I need to handle any of the HTTPS security within an automation or will it be as seamless as it is to use HTTP once I have the certificate?
No it should be handled seamlessly.
Is a certificate even the best way to enable HTTPS communication in a Pega Robotic solution exposed as a web service?
All the certificate does is ensure that the communication between the client machine and the web service's server is only to users that have been issued the public key certificate.
It is not mandatory to use a certificate with web service, but if the response information contains sensitive data , it is to your best interest to do so.