|
|
||
| ## {{page-title}} | ||
|
|
||
| BaRS uses TLS-MA to communicate with Receiving endpoints. Receiving endpoints need a certificate under the NHS Root CA to facilitate TLS-MA. The receiver needs to follow these steps for Integration and Production environments. |
The receiver needs to follow these steps to access Integration (INT) and Production (PROD) environments.
Suggested changes made.
|
|
||
| BaRS uses TLS-MA to communicate with Receiving endpoints. Receiving endpoints need a certificate under the NHS Root CA to facilitate TLS-MA. The receiver needs to follow these steps for Integration and Production environments. | ||
|
|
||
| To onboard as a receiver follow these steps: |
Is 'onboard' the right term? I think 'connect' or 'access' might be more appropriate.
| Step 1: Apply for your domain [apply for a new nhs.uk domain](https://digital.nhs.uk/services/networking-addressing/apply-for-an-nhs.uk-domain-for-websites-and-web-applications). You must complete Section 5: For website or application records visible on the public internet. | ||
|
|
||
| Step 2: Request a certificate under the NHS Root CA. The FQDN must be an nhs.uk address. | ||
| * There are different certificate chains for INT and PROD |
The detail about cert chains feels wrong here. It's only important once the cert is received.
| openssl req -new -key private.key -out request.csr | ||
| ``` | ||
|
|
||
| Step 4: Send the .csr file to be signed by the NHS and get the client certificate. To do this, follow these environment specific steps: |
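Review bot: Step 4 tells the receiver to send the .csr, but nothing in these lines says that private.key stays on the receiving host and must never be attached to that email; add a sentence stating that only request.csr is sent. The `openssl req -new -key private.key -out request.csr` line also assumes the key already exists, so the preceding step should state how it is generated (the algorithm and key size the NHS Root CA requires) and that the file should be readable only by the service account. Since Step 2 requires the FQDN to be an nhs.uk address, it would also help to say which CSR field must carry that FQDN.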
Change made (NHS England)
| Step 3: Email <england.bookingandreferralstandard@nhs.net> with Receiver URL for BaRS/API-M to add to the Endpoint Catalogue | ||
|
|
||
| #### Client certificate: Production (PROD) | ||
| Production endpoints can only be requested when Solution Assurance issue the supplier with the Technical Conformance certificate, |
Make the note about having a TCC bold or highlighted in a different colour
| Step 2: Receive certificate from DIR Team | ||
| Step 3: Email <england.bookingandreferralstandard@nhs.net> with Receiver URL for BaRS/API-M to add to the Endpoint Catalogue | ||
|
|
||
| Step 4: INT and PROD copy the cert text inlcuding `-----BEGIN CERTIFICATE` as the first line and `END CERTIFICATE-----` as the last. Save this text locally as a file called barsinreceiver.cer (change the name to suit). |
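Review bot: The PEM delimiters quoted in Step 4 are truncated: the first line of the file is `-----BEGIN CERTIFICATE-----` and the last is `-----END CERTIFICATE-----`, with five dashes on both sides of each. A reader who copies exactly what the step quotes will produce a file that fails to parse. Also fix the typo "inlcuding", and say that barsinreceiver.cer holds only the public certificate, so readers do not expect the private key to be in it.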
Technically, the supplier should know what to do with the cert once they have it signed. Steps 4-7 could be a separate section on installing and configuring their solution to use the cert.
That way we keep our actual steps down to 2-3 a piece.
| listenOptions.UseHttps(certPath, certPassword); | ||
| }); | ||
| }); | ||
|
|
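Review bot: `listenOptions.UseHttps(certPath, certPassword)` as shown only loads the server certificate; for TLS-MA the listener also has to request and validate the caller's client certificate, and nothing in the visible lines does that. Suggest using the UseHttps overload that takes an options callback and setting ClientCertificateMode to RequireCertificate, or pointing to where the sample enforces it. It is also worth a line saying that certPassword should come from configuration or a secret store rather than being written into the source.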
Add a link to Firewall changes here too
cda69
left a comment
added some comments for change/consideration
No description provided.