Security Profile

To use Security Profile, you have two options:

  • You may use a self-signed certificate. Self-signed certificates provide excellent security, with strong encryption, at the expense of requiring extra configuration on the client side. They can also be used to provide authentication (in other words, proof that the sender is really who they claim to be).
  • You may install a certificate which has been signed by a trusted Certificate Authority (CA) for mutual authentication. Mutual authentication requires more effort to set up, but it brings additional benefits. On top of providing encryption and authentication of the client to the server, mutual authentication provides authentication of the server to the client, which is especially useful if you have an interface that supports queries (i.e. may return protected data).

In either case, you will first need a self-signed private key in a keystore and the corresponding public key in a truststore.

See here for information on creating these stores.

Securing the client

Once you have a truststore, it can be associated with the client (the sending application) by creating a CustomCertificateTlsSocketFactory.
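
What associating a truststore with a client amounts to at the plain JSSE level, as an added example that is not HAPI's code and does not use CustomCertificateTlsSocketFactory: it loads the truststore, lists every certificate the client will accept, and builds a socket factory that trusts only those. The class name is hypothetical, and the truststore path and passphrase are assumptions passed on the command line.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; uses only standard JDK (JSSE) APIs.
public class TruststoreClientExample {

    /** Builds a socket factory that trusts only the certificates in the given truststore. */
    static SSLSocketFactory fromTruststore(String path, char[] passphrase) throws Exception {
        // Assumption: the store is in the JDK's default keystore format.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, passphrase); // also verifies the store's integrity
        }
        // List what the client will accept, so an unexpected entry is noticed early.
        for (String alias : Collections.list(trustStore.aliases())) {
            if (!trustStore.isCertificateEntry(alias)) continue; // skip private key entries
            X509Certificate cert = (X509Certificate) trustStore.getCertificate(alias);
            cert.checkValidity(); // throws if the certificate is expired or not yet valid
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            System.out.printf("trusting %s (%s) sha256=%s%n",
                    alias, cert.getSubjectX500Principal().getName(), hex);
        }
        // Trust managers built from this store replace the JDK's default CA list.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: no client certificate sent
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0] = truststore path, args[1] = passphrase (both supplied by the caller)
        SSLSocketFactory factory = fromTruststore(args[0], args[1].toCharArray());
        System.out.println("socket factory ready: " + factory.getClass().getName());
    }
}
```

Comparing the printed SHA-256 fingerprint with the one taken from the server's certificate confirms that the client trusts the intended self-signed certificate and nothing else.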


Securing the server

The server needs to be associated with a keystore containing a private key. If you are using an embedded Jetty instance, it will look like this:


If the server is using a HAPI SimpleServer with the HL7 over HTTP LLP implementation, Encryption Profile can be used as follows:
