Forge Component
(6)
Published on 19 Mar (4 weeks ago) by João Barata
6 votes
Published on 19 Mar (4 weeks ago) by João Barata

Initial Considerations

In order to be able to consume a Rest Endpoint that requires a client-side certificate, we will need to use the Rest Extensibility API

This component exposes 3 methods that already implement the needed .Net code.


Instructions for PaaS Infrastructures


For PaaS installations (Outsystems Cloud) you will need to open a Support Case requesting our support team to add the needed certificate to your infrastructure. You will then be provided the Certificate path needed to call this component actions. 

Make sure you send the certificate in a .pfx or .p12 format and that you provide the certificate password so that it can be added to the infrastructure.


Instructions for On-Premise Infrastructures

For On-prem installations, you will need to add the certificate into the Front-Ends trusted certificate stores.

Start by going to the server an place the .pfx or .p12 certificate into a folder. This folder will need to be the same across all the front-ends. 

Then follow the instructions to install the certificate on the front-end. Install a trusted root CA or self-signed certificate

You may also need to configure the TLS versions used on Integrations. Enable SSL Protocols for your Integrations


Available Methods


ConsumeWS_GET


This action will perform a GET request to the specified endpoint including the ClientSide Certificate

The component has a demo link that should let you make a Get request to test the API endpoint using a Client-Side Certificate


ConsumeWS_POST

This action will perform a POST request to the specified endpoint including the ClientSide Certificate

The component has a demo link that should let you make a Post request to test the API endpoint using a Client-Side Certificate


AddClientCertificate (Recommended)

This action will let you add the client-side certificate to a REST call using the platform built-in Rest mechanisms.

Go to the Rest Endpoint and add the OnBeforeRequestAdvanced action.


Add the AddClientCertificate action to the OnBeforeRequestAdvanced and pass in the certificate path configured on the previous step, password and TLS Version (Defaults to TLS1.2)


You can now use this endpoint as you would normally use any other Rest in Outsystems


For On-Premise Infrastructures, it might also be needed to do the following steps after following the instructions to install the certificate on the front-end. Install a trusted root CA or self-signed certificate

Grant access to the certificates to IIS

  • Right-click on the certificates you just imported and access All Tasks -> Manage Private keys ...
  • Add users/groups NETWORK SERVICE and IIS_IUSRS (Windows 2008R2) or IIS_WPG (Windows 2003) with at least Read access. 
  • Click Apply and close the dialog.