For security we, and the entire internet, rely heavily on SSL/TLS. More information on SSL/TLS can be found on Wikipedia
Our minimum required TLS version is 1.2. Also you must make sure your framework of choice sends an SNI-extension with your TLS handshake.
Any CSR you submit to us for signing needs to fulfill the following requirements:
- Your key-length is at least 2048 bit long.
- CN, OU, O, L, ST, C and email-address are filled.
- Your CN matches
name of your connector; lowercase; can not contain
-but can contain
provided by the customer, use
TE1002for CSR’s for development.
free text, like:
id2431; can not contain
-but can contain
- Valid examples:
At Nedap Healthcare we exclusively use OpenSSL, we suggest you do the same. Using OpenSSL you can generate a CSR with the following command:
openssl req -out my_connector-TE1002-example.csr -new -newkey rsa:2048 -nodes -keyout my_connector-TE1002-example.key
Now, OpenSSL will ask you for some more information. Then, it will generate
my_connector-TE1002-example.key. It is essential that you keep the
.key-file private, never send this to us or anyone else. The
.csr should be uploaded through Topdesk for us to sign. We will send you a
.pem-file. You should use this certificate to sign any calls made to our API’s.
GET-request to the
/ping endpoint on our API, make sure you use the URL matching the environment your certificate was made for. You can find the URLs for our different environments here.
For example, when testing your development certificate:
If your requests are being signed with the appropriate certificate, the service will respond with a
200 status code and
pong body. If you are not correctly signing your requests, the service will respond with a
403 status code.
Any of these ciphers can to be used to be able to make successful calls to the Nedap Healthcare endpoints:
If your programming language or platform of choice needs the entire CA chain. You can get it here: CA chain