Providing Trusted Certificates for InterSystems IRIS to Use

InterSystems IRIS uses its own collection of trusted certificates to verify user certificates and signatures in inbound SOAP messages (or in XML documents). It also uses these when encrypting content in outbound SOAP messages or when encrypting XML documents. This collection is available to all namespaces of this InterSystems IRIS installation. To create this collection, create the following two files and place them in the system manager’s directory:

  • iris.cer — This contains root certificates, that is, trusted CA X.509 certificates in PEM-encoded format. This file is required if you want to use any WS-Policy or WS-Security features in InterSystems IRIS.

  • iris.crl — This contains X.509 certificate revocation lists in PEM-encoded format. This file is optional.

Note that you can have alternative root certificates used with specific InterSystems IRIS credential sets; see the next subsection.

Information on creating these files is beyond the scope of this documentation. For information on X.509, which specifies the content of certificates and certificate revocation lists, see RFC5280 (https://www.ietf.org/rfc/rfc5280.txt). For information on PEM-encoding, which is a file format, see RFC1421 (https://www.ietf.org/rfc/rfc1421.txt).

Caution:

Be careful to obtain certificates from a trusted source for any production use, because these certificates are the basis for trusting all other certificates.

This collection is not used for SSL.
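Because everything in iris.cer becomes a trust anchor, it is worth auditing the file before it is placed in the system manager's directory. The following Python script is an added example, not InterSystems code: it checks that a bundle intended for iris.cer or iris.crl contains only the expected kind of PEM block and reports a SHA-256 fingerprint for each block. The function names `audit_pem` and `to_pem` are hypothetical, the sample input is constructed, and the check covers PEM framing and block type only; it does not parse X.509 fields or verify signatures.

```python
import base64
import hashlib
import re

# Labels expected per file, following the page: iris.cer holds trusted CA
# certificates, iris.crl holds certificate revocation lists.
EXPECTED_LABEL = {"iris.cer": "CERTIFICATE", "iris.crl": "X509 CRL"}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def to_pem(label, der):
    """Wrap DER bytes in PEM armor (used only to build the sample input)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def audit_pem(filename, text):
    """Return (entries, problems); entries are (label, SHA-256 hex of DER)."""
    entries, problems, matched = [], [], 0
    for m in PEM_BLOCK.finditer(text):
        matched += 1
        label, body = m.group(1), "".join(m.group(2).split())
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"block {matched}: body is not valid base64")
            continue
        if label != EXPECTED_LABEL[filename]:
            problems.append(f"block {matched}: unexpected {label} block in {filename}")
        if not der.startswith(b"\x30"):
            problems.append(f"block {matched}: payload is not a DER SEQUENCE")
        entries.append((label, hashlib.sha256(der).hexdigest()))
    if text.count("-----BEGIN ") != matched:
        problems.append("truncated or malformed PEM block")
    elif matched == 0:
        problems.append("no PEM blocks found")
    return entries, problems


if __name__ == "__main__":
    # Constructed placeholder DER (SEQUENCE { INTEGER 1 }), not a real
    # certificate or key; a real bundle would be read from disk instead.
    fake = b"\x30\x03\x02\x01\x01"
    bundle = to_pem("CERTIFICATE", fake) + to_pem("PRIVATE KEY", fake)
    entries, problems = audit_pem("iris.cer", bundle)
    for label, fingerprint in entries:
        print(label, fingerprint)
    print("\n".join(f"PROBLEM: {p}" for p in problems))
```

Each fingerprint is the SHA-256 digest of the block's DER bytes, so it can be compared against the fingerprint the issuing CA publishes through a separate channel.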
