Skip to main content
Skip table of contents

SSL certificates in use for Vertex Flow and DS

The increasing emphasis on cybersecurity has been evident in recent web browser updates, which encourage transitioning to secure TLS/SSL practices (i.e., HTTPS). For Vertex Flow and DS usage, transitioning to a certified SSL connection is possible. This guide discusses various options for SSL usage. If needed, we can assist in finding the most suitable solution.

HTTPS (Hypertext Transfer Protocol Secure) is a combination of the HTTP protocol and the TLS/SSL protocol used for secure data transmission on the web. Source

Can Flow's SSL protection be used without purchasing a certificate?

Yes, it can. Vertex Flow includes integrated SSL protection, but if the certificate's requirements are not met, various warnings and dialogs may appear in the browser. The following instructions ensure the best Flow user experience with an integrated SSL certificate.

Integrated SSL certificate for Vertex Flow (recommended method)

Vertex Flow includes an integrated SSL certificate, which automatically renews during Vertex Flow updates. Technically, the DNS service is configured with the IP address used by Flow and a DNS name in the format *.vertex.fi. Once this setup is complete, the certificate is operational. The DNS name resolution can be done either directly on the company's own DNS server (AD) or, by arrangement, through Vertex Systems Oy for public DNS services (http://vertex.fi ). It is also possible to use the local hosts file on individual workstations for very small deployments involving a few users or for testing purposes.

DNS, Domain Name System, is a name resolution system that converts domain names into IP addresses. Source

After the change, the Flow service network address will be in the format: https://flow-customer.vertex.fi

The validity of the Vertex Flow certificate updates during major version upgrades and maintenance updates. If there are additional questions regarding associating the Flow server's IP address with its corresponding DNS name in the DNS service, please contact support for assistance.

The customer procures their own SSL certificate (not recommended method).

Note: This incurs additional costs and annual maintenance work. The customer can obtain an SSL certificate themselves by setting it up on their own Apache server (reverse proxy) in front of the Flow service, or in specific agreed cases, this certificate can be integrated into the Vertex Flow service (Tomcat) by Vertex Systems as billable hourly work. (For example, the use of Let’s Encrypt is not possible in this context.)

The customer manages the DNS name for the public IP themselves and obtains the certificate from a well-known certificate authority (CA), such as Comodo or DigiCert. Following the certificate authority's instructions, the necessary certificate request details must first be submitted to the CA, such as:

CN=vertexflow.customerco.fi O=Customer Company L=City C=FI.

The certificate purchased from the CA must be in pfx (PKCS#12) format, and its integration must be arranged separately as billable hourly work.

After testing, the same setup is activated in production, after which the use of the HTTP protocol can be closed at the latest. Monitoring the certificate's expiration and renewal is the responsibility of the customer and the CA. The certificate is issued for only one year at a time and must be assigned to a designated person from the customer responsible for renewal with the CA.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close