Secret Management

Client certificates can be used in Integration Flows to setup secure connections with third-party webservice endpoints. A single client certificate (that is issued by a third party for a certain tenant) can be used in different Integration Flows for that tenant. So a client certificate is Integration Flow agnostic. Therefore, client certificates have to be registered upfront before deploying the Integration Flow for a tenant. That's where Secret Management comes in. Secret Management provides a secured Azure key vault per tenant and facilitates uploading client certificates as secret versions with a proper identifier. First you have to select a tenant from the list of available tenants. You can use the tenant filter to get the right tenant:

image.png

After the tenant is selected the corresponding general tenant information and list of secrets for that tenant is shown in the right side of the portal:

image.png

If you want to upload a new client certificate as a secret for the tenant, click on "Create secret" button and following dialog appears:

image.png

Alias is a required field and has to be filled with a unique identifier for the client certificate on a per tenant level. So that from an Integration Flow perspective the client certificate can be fetched via tenant Id and secret alias. To upload a client certificate as a secret, the client certificate has to be provided as a PEM or PFX file, containing both public and private key. Secret password is an optional field. Depending on whether or not the certificate file contains an encrypted key the password field must be filled in. The activation date for the secret is also an optional field. Setting a custom activation date is optional. By default the valid from date of the client certificate will be used.

IMPORTANT: The Customer is responsible for the delivery of a valid client certificate issued by a third party. Those client certificates will be registered and stored in U4IK’s Secret Management by Unit4. The Customer has to fulfil the process of creating Certificate Signing Request (CSR), getting the CSR signed by issuing party and receiving signed certificate. The client certificate has to be delivered to Unit4 in PEM or PFX format.