Using the XMPP Certificate Manager

A security certificate is required to create an encrypted, authenticated channel between the XMPP server and clients, as well as federated servers and the Vocera XMPP Adapter on the appliance.

The Vocera XMPP Adapter and Vocera Vina clients require Transport Layer Security (TLS) protocol encryption for the XMPP stream.

Additionally, if the customer is in the iOS Developer Enterprise Program and will re-sign and redistribute the Vocera Vina application, they may want to provide their own APNs certificate.

To support TLS, the Vocera XMPP Adapter can generate a self-signed certificate as well as a Certificate Signing Request (CSR). A CSR is submitted to a Certificate Authority (CA) in order to obtain a certificate signed by the CA (a security certificate). Each configuration for the Vocera XMPP Adapter maintains its own TLS certificate, as well as its own temporary certificate for a CSR in progress.

To use a signed security certificate, customers will generate a CSR from the XMPP Certificate Manager, send the CSR to a Certificate Authority (such as VeriSign) to receive a signed certificate in return, and upload the signed certificate to the Vocera XMPP Adapter using the XMPP Certificate Manager.

Upon startup, the Vocera XMPP Adapter immediately checks the expiration date of the current certificate. For all XMPP configurations that use a certificate signed by a Certificate Authority, the Vocera XMPP Adapter also registers a service that checks the expiration date on the signed certificate. If the service determines that a certificate expiration date is within one month of the current date, a notification is sent as an audit event. When a self-signed certificate expires, the Vocera XMPP Adapter replaces the expired certificate with a newly generated self-signed certificate. CA-signed certificates are not automatically replaced.
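
As an added example (not Vocera code), the following shell functions check a certificate returned by the CA before it is uploaded through the XMPP Certificate Manager: it must carry the same public key as the CSR, must not be self-signed, and must not already fall inside the one-month expiration window described above. The example assumes the OpenSSL command-line tool, PEM-encoded files, and a 30-day reading of "one month"; the function names, file names and certificate subjects are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Vocera code. Assumes the OpenSSL CLI and PEM-encoded files.

# Exit 0 if the certificate carries the same public key as the CSR.
pubkey_matches() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# Exit 0 if subject and issuer are identical, as in a self-signed certificate.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    [ "${s#*=}" = "${i#*=}" ]
}

# Exit 0 if the certificate is expired, unreadable, or expires within $2 days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: preupload_check CSR CERT [WARN_DAYS]; prints a verdict, exit 0 only for "ok".
preupload_check() {
    pubkey_matches "$1" "$2" || { echo key-mismatch; return 1; }
    is_self_issued "$2" && { echo self-signed; return 1; }
    expires_within "$2" "${3:-30}" && { echo expiring; return 1; }  # 30 days: assumed "one month"
    echo ok
}

# Constructed sample data: throwaway CA, two CSRs, and three certificates.
make_constructed_samples() {
    ( set -e; cd "$1"
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Constructed Test CA" -days 365
      openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
          -subj "/CN=xmpp.example.test"
      openssl req -new -newkey rsa:2048 -nodes -keyout other.key -out other.csr \
          -subj "/CN=other.example.test"
      openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out good.pem -days 365
      openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out soon.pem -days 20
      openssl req -x509 -new -key srv.key -out self.pem \
          -subj "/CN=xmpp.example.test" -days 365
    ) >/dev/null 2>&1
}

if [ "$#" -ge 2 ]; then preupload_check "$@"; fi
```

The self-signed check only compares subject and issuer; it does not verify the certificate's signature against a CA chain.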

Log in to the Vocera Platform Web Console to access the XMPP Certificate Manager in the Additional XMPP Adapter Actions panel as shown below. The Certificate Manager provides the ability to: