The Inbound HL7 device supports SSL/TLS tunnels via certificate exchange. This device, acting as an HL7 receiver, can provide a certificate to HL7 senders. Additionally, it can require and validate certificates sent by HL7 senders as part of the connection negotiation.

...

  • Enable SSL within the device configuration

  • Specify which certificate will be provided to clients.

...

You need to specify a certificate to be provided to each sender (as part of the communications negotiation). If your data is crossing a publicly accessible network, we recommend the use of a third-party purchased certificate. This type of certificate would be installed on the Connexion host operating system and then selected from the ‘Installed (Subject Name)’ drop-down list.

...

If you are operating within a private network and you have control of the sending side, you can generate a self-signed certificate using the ‘Generate Self-Signed Certificate’ button. You will need to Export this certificate and provide it to the sending system, as self-signed certificates must be explicitly trusted by the sender (typically by being installed into a certificate store).

Note

The Connexion (or Remote Agent) account must have read access to the certificate private key. You may see errors similar to “The credentials supplied to the package were not recognized” if the service account doesn’t have read access.

In this case you should open the Windows certificate manager, select the certificate, and right-click → All Tasks → Manage Private Keys.

Then add the service account, selecting read-only access.

Client Certificates

If you wish to validate the identity of each sender, you can require each sender to provide a certificate. The client-provided certificate will be matched against a list of accepted certificate thumbprints, and only those within the list will be allowed to connect.
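The thumbprint check described above can be reproduced offline to confirm that a sender's exported .cer file matches an entry before it goes on the accepted list. This is an added example, not Connexion's own code; it assumes the thumbprint is the SHA-1 hash of the certificate's DER encoding, as the Windows certificate details view displays it, and all function names are illustrative.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_der(cer_bytes: bytes) -> bytes:
    """A .cer export is either binary DER or Base64 (PEM); return DER."""
    m = PEM_RE.search(cer_bytes)
    return base64.b64decode(m.group(1)) if m else cer_bytes

def thumbprint(cer_bytes: bytes) -> str:
    """SHA-1 over the DER encoding, as 40 uppercase hex digits (assumed format)."""
    return hashlib.sha1(load_der(cer_bytes)).hexdigest().upper()

def normalize(entry: str) -> str:
    """Canonicalize a pasted thumbprint; reject anything that is not 40 hex digits."""
    # Drop whitespace, colons and the invisible U+200E/U+200F marks that can
    # come along when a thumbprint is copied out of a certificate dialog.
    cleaned = re.sub(r"[\s:\u200e\u200f]", "", entry).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError(f"not a SHA-1 thumbprint: {entry!r}")
    return cleaned

def is_accepted(cer_bytes: bytes, accepted: list[str]) -> bool:
    """True only if the certificate's thumbprint is on the accepted list."""
    return thumbprint(cer_bytes) in {normalize(e) for e in accepted}

# Constructed stand-in bytes, not a parseable certificate: the thumbprint is a
# hash of the raw encoding, so any byte string exercises the logic.
SAMPLE_DER = bytes.fromhex("3082") + b"constructed sample certificate body"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def demo() -> bool:
    tp = thumbprint(SAMPLE_DER)
    # Same value as it might be pasted: lowercase, spaced, leading hidden mark.
    pasted = "\u200e" + " ".join(tp[i:i + 2] for i in range(0, 40, 2)).lower()
    return is_accepted(SAMPLE_PEM, [pasted])

if __name__ == "__main__":
    print(thumbprint(SAMPLE_DER), demo())
```

A list entry that fails `normalize` is worth fixing at entry time, since a thumbprint that carries a hidden character or a dropped digit will never match and the sender's connection is refused.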

...

To generate a new client certificate, click the Create New option followed by the Export link. Provide the exported .cer file to the customer.

...