Casewhere service certificates
Some features in Casewhere, such as encrypting data and signing authentication requests, require an X.509 certificate. Although you can purchase X.509 certificates from a trusted certification authority, self-signed certificates are acceptable for these purposes in certain scenarios. If you're not familiar with them, you can learn to create them here.
To work with Azure App Service, you can learn how to upload a private certificate here. Uploading public certificates can be done as described here.
Key protection certificate
Casewhere encrypts data using symmetric cryptography. It stores the cryptographic keys in MongoDB and protects them at rest using an X.509 certificate, the key-protection certificate.
After installing the certificate, you must update the following settings in three Casewhere applications, i.e., Worker.Api, Configuration.Web and Hangfire:
Key | Description |
---|---|
dataProtection:KeyProtection:Thumbprint | The certificate thumbprint. For example: 0c456d28086b4a13aa2a11730dc1dab4e8ba2922 |
dataProtection:KeyProtection:StoreLocation | The place where you install the certificate. For Azure App Service, you must set it to CurrentUser. |
Service provider signing certificate
The communication between Casewhere, as a service provider, and identity providers must be secured. Casewhere must supply an X.509 certificate for signing/verifying authentication requests.
After installing the certificate, you must update the following settings in two Casewhere applications, i.e., Configuration.Web and Hangfire:
Key | Description |
---|---|
idpConnection:SPSigningCertificateThumbprint | The certificate thumbprint. For example, d95c06939cb37f18c31ffcfebe76e8d9e0b040c2 |
idpConnection:SPCertStoreLocation | The place where you install the certificate. For Azure App Service, you must set it to CurrentUser. |
idpConnection:SPCertStoreName | The store name where you install the certificate. For most deployments, it is My. |
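
A pre-deployment check for the thumbprint-based settings in the key protection and service provider signing sections above. This is an added example, not Casewhere code: the function name `Test-ServiceCertificate`, the `WarnDays` parameter and the default store name `My` for the key-protection certificate are assumptions, and the thumbprints in the calls are the page's own example values.

```powershell
function Test-ServiceCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [ValidateSet('CurrentUser', 'LocalMachine')][string]$StoreLocation = 'CurrentUser',
        [string]$StoreName = 'My',   # assumption: the page names no store for key protection
        [int]$WarnDays = 30          # hypothetical expiry warning window
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible U+200E mark, which makes the lookup fail; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    $problems = @()
    if ($clean.Length -ne 40) { $problems += "expected 40 hex characters, got $($clean.Length)" }

    # Look in exactly the store the settings point at, as the current user.
    $cert = Get-ChildItem -Path "Cert:\$StoreLocation\$StoreName" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1

    if (-not $cert) {
        $problems += "not found in $StoreLocation\$StoreName"
    }
    else {
        # Unprotecting stored keys and signing requests both need the private key.
        if (-not $cert.HasPrivateKey) { $problems += 'private key missing' }
        $now = Get-Date
        if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
        if ($cert.NotAfter -lt $now) { $problems += "expired on $($cert.NotAfter)" }
    }

    [pscustomobject]@{
        Thumbprint   = $clean
        Store        = "$StoreLocation\$StoreName"
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        ExpiringSoon = [bool]($cert -and $cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
        Problems     = $problems
        Usable       = ($problems.Count -eq 0)
    }
}

# Key-protection certificate (dataProtection:KeyProtection:Thumbprint)
Test-ServiceCertificate -Thumbprint '0c456d28086b4a13aa2a11730dc1dab4e8ba2922'
# Service provider signing certificate (idpConnection:SPSigningCertificateThumbprint)
Test-ServiceCertificate -Thumbprint 'd95c06939cb37f18c31ffcfebe76e8d9e0b040c2' -StoreName 'My'
```

Run it under the same account the application uses, because the CurrentUser store is per-user.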
Identity provider public certificate
To secure communication between Casewhere and identity providers, the identity provider needs to provide a public certificate. This certificate is crucial for verifying the authenticity of authentication responses sent to Casewhere. When Casewhere receives an authentication response, it uses the public certificate to validate the response's signature, ensuring it comes from a trusted identity provider and hasn't been tampered with during transmission. This method helps maintain the integrity and security of the authentication process, preventing unauthorized access and ensuring that only legitimate responses are accepted.
After installing the certificate, you must update the following settings in two Casewhere applications, i.e., Configuration.Web and Hangfire:
Key | Description |
---|---|
idpConnection:IdPCertStoreLocation | The place where you install the certificate. For Azure App Service, you must set it to CurrentUser. |
idpConnection:IdPCertStoreName | The store name where you install the certificate. For Azure App Service, you must set it to My. For on-premise deployments, a common practice is installing the certificate in TrustedPeople. |