MTLS-Unterstützung für Datenaktionen
Sie können die Sicherheit zwischen dem Datenaktionsdienst und Ihrem Webdienst mit Mutual Transport Layer Security (MTLS) erhöhen. Bei MTLS versorgen sich die beiden Dienste gegenseitig mit vertrauenswürdigen Zertifikaten.
Configure your service to ask the data actions service for an MTLS certificate and to trust certificates from the private certificate authority (CA) for your Genesys Cloud region. Each certificate includes a certification revocation list (CRL).
When you configure the web services data actions integration, either select Genesys Cloud or Digicert as the certificate authority.
Genesys Cloud as certificate authority
When you select Genesys Cloud as the certificate authority, the client certificate is directly signed by the regional Genesys private certificate authority with no intermediate certificates. The Genesys Cloud private root CA automatically rotates the client certificate every year. Trusting the regional CA ensures that no interruptions occur when the certificate is rotated.
In der folgenden Tabelle sind die regionalen Domänennamen der Client-Zertifikate für jede Genesys Cloud-Region aufgeführt. Stellen Sie sicher, dass Sie dem mit Ihrer Region verknüpften Zertifikat vertrauen.
| Genesys Cloud-Anmeldung | Regionale Domänennamen | Zertifikat (.zip) |
|---|---|---|
| Amerika (Kanada) | dataactions.prod-cac1.ca-central-1.mypurecloud.com | CA-Zentral-1 |
| Amerika (São Paulo) | dataactions.prod-sae1.sa-east-1.mypurecloud.com | SA-Ost-1 |
| Amerika (USA Ost) | dataactions.prod.us-east-1.mypurecloud.com | US-Ost-1 |
| Amerika (US-Ost 2) | dataactions.fedramp-use2-core.us-east-2.mypurecloud.com | US-Ost-2 |
| Amerika (USA West) | dataactions.prod-usw2.us-west-2.mypurecloud.com | US-West-2 |
| Asien-Pazifik (Mumbai) | dataactions.prod-aps1.ap-south-1.mypurecloud.com | APS-1 |
| Asien-Pazifik (Osaka) | dataactions.prod-apne3.ap-northeast-3.mypurecloud.com | APNE-3 |
| Asien-Pazifik (Seoul) | dataactions.prod-apne2.ap-northeast-2.mypurecloud.com | APNE-2 |
| Asien-Pazifik (Sydney) | dataactions.prod-apse2.ap-southeast-2.mypurecloud.com | APSE-2 |
| Asien-Pazifik (Tokio) | dataactions.prod-apne1.ap-northeast-1.mypurecloud.com | APNE-1 |
| EMEA (Dublin) | dataactions.prod-euw1.eu-west-1.mypurecloud.com | EU-West-1 |
| EMEA (Frankfurt) | dataactions.prod-euc1.eu-central-1.mypurecloud.com | EU-Zentral-1 |
| EMEA (London) | dataactions.prod-euw2.eu-west-2.mypurecloud.com | EU-West-2 |
| EMEA (Zürich) | dataactions.prod-euc2.eu-central-2.mypurecloud.com | EU-Zentral-2 |
| Naher Osten (UAE) | dataactions.prod-mec1.me-central-1.mypurecloud.com |
Digicert as certificate authority
When you select Digicert as the certificate authority, the data action MTLS client certificate is signed by a Digicert intermediate certificate that is rooted on a publicly trusted Digicert certificate authority. Configure your endpoint to trust the current client certificate explicitly and the upcoming certificate during the annual certificate rotation. Genesys Cloud provides an endpoint for all customers to query about the current and upcoming client certificate associated with your region.
The Genesys Cloud public API to retrieve the available MTLS certificates is api/v2/integrations/actions/certificates/. For more information, see API Explorer in Genesys Cloud Developer Center.
The optional query parameters for the public API endpoint are:
| Query param | Possible values |
|---|---|
| Status | Current, Upcoming |
| Signing Authority | Digicert, Genesys |
A sample output of the API call:
{
"entities": [
{
"signingAuthority": "DigiCert",
"certificate": "-----BEGIN CERTIFICATE-----
\r\nMIIFTzCCBDegAwIBAgIQAiR1dObCOTT5eSuynYFC2zANBgkqhkiG9w0BAQsFADBq\r\nMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwY...
b/BmD0WY51jgQSdTmkU11Mi5XdZ+bqkZL88He\r\n40p5a6E2HGTWd1CfCRz/T6rNOsvNekfSH1PXzTi/sWfx4rr
c4IKOtVbQZIyziLRI\r\nYr0GHu6jLFeGT3ma0v7gdffevw==\r\n-----END CERTIFICATE-----\r\n
-----BEGIN CERTIFICATE-----
\r\nMIIFXzCCBEegAwIBAgIQD/rh8xorQzw9muFtZDtYizANBgkqhkiG9w0BAQsFADBl\r\nMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\nd3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtE
aWdpQ2VydCBBc3N1cmVkIElEIFJv\r\nb3QgRzIwHhcNMTkwOTIzMTIyNTMyW...
oECzez2y/1IVTPl\r\nh57zBfjHJQFqLWzHdou8M+ucdJtr2swXII6s3nkq4pfEn7KnbzMS9quFSuyOGILc\r\ng
/3qVwaHNLM5R+8nB5gPI5+u5Uh56w1i+9Ds1pjYAiTHdeU=\r\n-----END CERTIFICATE-----\r\n
-----BEGIN CERTIFICATE-----
\r\nMIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl\r\nMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\nd3cuZGlnaWNlcnQuY29tMSQ...
WhsI6yLETcDbYz+70CjTVW0z9\r\nB5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWz
wPDCv\r\nON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo\r\nIhNzbM8m9Yo
p5w==\r\n-----END CERTIFICATE-----",
"status": "Current",
"type": "Client"
},
{
"signingAuthority": "Genesys",
"certificate": "-----BEGIN CERTIFICATE-----
\nMIIFYTCCA0mgAwIBAgIRAJksgLAGZ8Mor/v3MOmYwA0wDQYJKoZIhvcNAQELBQAw\ngZUxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdJbmRpYW5hMRUwEwYDVQQHDAx...
GT5KD0ruJX5KfqTxxShjV1Thkk2dxcg2l8ZcZJu2v58T+Xy9/\nvQ435njK19evaXXoTum7cxHJjF2DislWkhPii
fz/ID5/UP365Q==\n-----END CERTIFICATE-----\n\n",
"status": "Current",
"type": "Client"
}
].,
"pageSize": 20,
"pageNumber": 1,
"total": 2,
"pageCount": 1
}
An upcoming certificate is provided only for the DigiCert authority, and only if the current certificate has less than 90 days of validity remaining.
Weitere Informationen über die Integration finden Sie unter Über die Integration von Web Services Data Actions.
