Using the OS certificate store with TLS/SSL

Primary tabs

There's an easy new way to add certificate authority (CA) certificates to your SSL/TLS configurations on InterSystems IRIS 2019.1 (and 2018.1.2) on Windows and Mac.  You can ask IRIS to use the operating system's certificate store by entering:

%OSCertificateStore

in the field for "File containing Trusted Certificate Authority X.509 certificate(s)".   Here's an image of how to do this in the portal:

And here's a link to the documentation which describes this.  It's in the list of options under "File containing trusted Certificate Authority certificate(s)".

That's all you need to do!  Now this configuration will accept certificates issued by any CA listed in the OS certificate store.

Comments

This is a simple way to make a secure connection using the same certificates as, say, your browser. If you trust Safari to go to https://example.com/, then you can use this to do the same in InterSystems IRIS. If the certificate on the other end was issued by a well known CA, then it will likely work.