This article describes how certificates are managed in the OutSystems cloud and self-managed deployments.
Application server certificates
According to OutSystems system requirements, the application server must be configured with a valid SSL certificate emitted by a public Certificate Authority.
This section describes how certificates are managed in the OutSystems cloud. The information present here can describe a process different from your past experience as it's intended to adapt to the short-lived certificate limitations implemented by the browser vendors owning most of the web browser market share.
Default OutSystems cloud server certificate
Your OutSystems cloud environments are automatically deployed with the default and valid SSL
outsystemsenterprise.com wild card certificate. This certificate and it's domain are owned and managed by OutSystems. It can only be used by OutSystems.
Furthermore, on September 1, 2020, most browser vendors will no longer trust certificates that are valid for more than 398 days. To accomodate these changes OutSystems will regularly rotate the
outsystemsenterprise.com certificate, check here for more details.
OutSystems will communicate the certificate change whenever possible. However, OutSystems reserves the right to change the certificate without prior communication or in short notice.
Using your own domain and certificate in OutSystems cloud servers
It's possible, and highly advisable, to customize your environment hostname and SSL certificate. This will allow you to be independent when implementing certificate related features, such as SSL pinning.
In this situation, the certificate and it's associated domain are owned by the customer. OutSystems is responsible for the certificate instalation but it's the customer's responsibility to monitor it's expiration and submit a request for the renewal.
On the road to fast development and deployment of applications make sure to consult this article for instructions on how to install a certificate in your application server. This allows your OutSystems applications to use secure connections via HTTPS.
The server certificate, it's associated domain and the instalation are of the customer's responsibility.
Add certificate to trusted root store
When integrating with external systems (for example: when consuming webservices, integrating with external databases or with an Active Directory), there is often the requirement to do so over HTTPS.
When those external servers possess a certificate that isn't trusted (such as a self signed certificate) it's necessary to add it to the clients' (in this case the Platform Server) trusted root store.
Find here the instructions to add certificates to the trusted root store in the OutSystems Cloud.
In this situation, the certificate is owned by the customer. OutSystems is responsible for the certificate instalation but it's the customer's responsibility to monitor it's expiration and submit a request for the renewal.
You'll also need to add the certificate to the trusted root store for the cenarios described. Follow the instructions of your current operating system. The certificate, and the instalation are both of the customer's responsibility.
When consuming a web service it's often necessary that the request is authenticated. Or of the possible authentication forms is using client side certificates. The client side certificate then needs to be configured in each front-end of the environment that will consume the Web Service.
The client certificate is owned by entity that owns the webservice (that provides it to the customer). Developers are responsible to make sure that the certificate is sent on the requests.
OutSystems is responsible for the certificate instalation but it's the customer's responsibility to monitor it's expiration and submit a request for the renewal.
To install a client-side certificate on OutSystems Cloud please follow these instructions.
Follow this article for instructions on adding the self-signed ceritificate to the trusted root store.
The customer is both responsible for installing the certificate and monitoring it's expiration date.