I’m a bit lost with https and wss in component integration : since I use embedded librairies in myC# client code, what shall do to implement these ? How will the SDK API calls I stacked into my code handle the secure versions of the protocol ? I know that I can force the AddServer API to use https for the credentials negociation but not much more about what implies seting the flag to “yes” (=“yes, do it with https”). And who is going to handle the cryptography on transaction after TLS negociation ?
The Milestone_HardeningGuide_en-US.pdf is not clearing the SDK situation much, the clients in it are mostly seen as XProtect clients, not external clients.
The Milestone implementation (MIP Library dlls) will always use secure encrypted communication if the server has it enabled and the client is able to use it. This means that if you have set the SecureOnly flag no communication will be unencrypted.
Thanks for the confirmation. I’m going to set the flag to true in the API call.
My question now is : what have I to do to manage certificates between third-party (i.e. my system with embedded Milestone libs) and Xprotect system ? I’m ready to handle it manually for now as no PKI infrastucture is defined yet but what are the manual simple steps to get a working https between the two ?
I understand that this is a general question regarding certicates management, and is not specific to XProtect maybe but anyway I’ll take any answer as a silver bullet.
I think you can view a MIP SDK based application as a client just like the Smart Client, and then you might find the answers in the hardening guide and certificates recommendations.
I hope the general idea to treat the clients as the same thing is something that will make it easier..
