IMPAX 6.5.1 Application Server Knowledge Base > Administering SSL certificates
Secure Socket Layer (SSL) is a protocol for securing data transmissions across the Internet. SSL is an integral part of virtually all web browsers and web servers. To establish an SSL connection, the SSL protocol requires that a server has a digital certificate installed. A digital certificate is an electronic file that uniquely identifies individuals and servers. After the SSL session has been established, all information that passes between the client and the server is encrypted.
How does SSL ensure secure communications?
SSL enables secure online communication by combining three elements:
Authentication: A digital certificate is associated with a specific domain name. Before issuing a digital certificate, the certificate authority (CA) performs authentication and verification checks to confirm the identity of the organization requesting the certificate and whether it has the right to use the domain name that will be associated with that certificate.
Encryption: Encryption is the process of transforming information to make it unintelligible to all but the intended recipient. This forms the basis of data integrity and privacy necessary for secure online communication.
Message Integrity: After an SSL session has been established, the contents of all communications between client and server are protected from tampering on route. All parties to the transaction know that the information they have received is exactly what originated from the other side of the SSL session.
How does IMPAX use SSL certificates?
By default IMPAX uses SSL certificates to:
Encrypt and protect any information passed between the servers and the clients in the IMPAX cluster, including user information, patient image data, and protected health information.
Encrypt and protect any information passed between the Application Server and other directory servers such as those located outside the IMPAX cluster and in the hospital network.
Where to get an SSL certificate
A certificate authority is a trusted third party responsible for issuing, revoking, renewing, and providing directories of SSL certificates. Certificate authorities follow rigorous procedures for authenticating and verifying the individuals and organizations to whom they issue certificates. All SSL certificates are signed with the certificate authority's private key to ensure authenticity.
Certificate authorities may perform the following checks:
Look up the domain to confirm that the applying company owns the domain.
Check the existence of the company to confirm that it is a legally registered organization.
Verify the identity of the individual requesting the certificate to confirm that they are an authorized representative.
Topic number: 11410 Applies to: IMPAX 6.5.1 Application Server Knowledge Base |