Public Cert and ActionUrl needed

  • Question

  • Hello HealthVault experts,

    I have finally managed to get my HV web app working correctly in pre-production mode on a Linux server.  I used the PHP API.  Now I want to go-live.  When I click the Go-Live link in the Application Configuration Center, it says I "Need an SSL enabled ActionUrl" and "Please attach the public certificate (.cer file) for the production version of your application to your Go-Live email request". 

    I have read and read link after link hour after hour on how to do all this stuff and it remains clear as mud.  It's all written for people who already know what they are doing.  My web app already generates the Authenticate link which takes the user to the HV login and then redirects back to my app.  So why do I need an ActionUrl? How to make one etc, etc?

    There is a .cer file that came with the PHP API examples.  Do I send that one in?  The PHP connect method sends an app.id, app.fp, and app.pem.  I'm guessing I need to replace the app.id with the one in the Home tab of the ACC? And the app.fp looks like a 40 char key similar to the one in the Public certs tab of the ACC so should use that?  The app.pem shows "-----BEGIN RSA PRIVATE KEY-----" followed by a whole bunch of encryption chars.  Do I use this one or am I supposed to come up with a new one?  How?

    Stuff I've tried:

    I found a ComputerCertificates app on my computer and noticed there was one with a thumbprint that matched the Thumb print in the Public certs area of the HV Application Configuration Center.  Then I exported it to a .pfx file and then tried importing it into the HealthVault Application Manager (V1.1) using the Import pfx button.  That produced the following error message: "Unhandled exception has occurred in your application.  Object reference not set to an instance of an object."

    Saturday, March 8, 2014 10:15 PM

Answers

  • For development purposes, on our PPE environment, we allow applications to specify this "redirect" parameter in the querystring. You can imagine that when doing development on a local dev box or other server, the ability to customize where HealthVault returns to after authentication would be very useful.

    For a production environment where we're dealing with real user data, we cannot let people arbitrarily specify what server to return to in the query string because that could lead to phishing attacks and other types of security issues where a user's data gets compromised. So that means that the action URL needs to be specified in the application configuration. The reason why it must be HTTPS is because HealthVault deals with people's medication information, which is supposed to be private and secure. Communicating on non-SSL channels means the data is subject to being leaked and read from other sources. This is the reason why HealthVault requires our connecting applications to be SSL.

    Regarding certificates, to verify that your application is who you say you are when retrieving and modifying people's health information we use a certificate model that will use the private key to sign your requests, and you include a thumbprint of the certificate that we use to look up in our database for the public key to verify.  Certificate stores are basically used as a secure way to store certificates and private keys. If your private key/certificate was compromised then anyone can impersonate your application and do bad things.

    At the key of the issue, you need a secure place to store this certificate/private key. On a shared Linux server, I don't know what the best place would be since anyone on that server could access the cert store. If you include it as a file in the local directory, then it might be secure from other applications on the server but you would need to make sure it's not accessible via web requests. For example, if you stuck it in your root folder, I shouldn't be able to access it via virtualhuman.tekknow.net/mysecretcert.pfx and then download and use it for malicious purposes. You could just embed it into the code/.php as long as you can ensure people can't download the .php file and read the contents. Basically you just need this private key to use for signing methods and to upload the proper thumbprint/public key to our servers for us to use to validate your requests.


    Monday, March 17, 2014 10:26 PM

All replies

  • After going through the user authorization flow HealthVault redirects back to the ActionURL associated with your application. In the Pre-Production Environment you can override this behavior by specifying the application URL that HealthVault should redirect back to. See Interacting with ActionURL for reference. It's written for the .NET SDK, but the concepts still apply. More importantly, see the "redirect" parameter in Shell redirect interface. When your application is redirecting to HealthVault see if this parameter is specified on the URL. The important thing here is for production you will need a valid HTTPS ActionURL for your web application's end-point.

    Regarding the certificates, in ACC you upload your application's public key. You maintain the private key on your end. You will want to generate a new public/private key pair for your application rather than use the one from the PHP examples. A PFX file contains the private key so that's not the right one. You'll need to find a tool that can generate public / private key pairs. The public key should be an x509 certificate that's DER encoded. A self-signed certificate is fine. On Linux there should be tools to help with this (for instance consider using OpenSSL).

    What I'd suggest is you generate a new key pair for your application in PPE first and get that working. Then for production you'll generate a different key pair using the same process.

    Once you're ready to go live to production with your application use the links in ACC to initiate the process.

    Friday, March 14, 2014 11:22 PM
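
The key-pair generation suggested in this reply, together with the storage concern raised in the marked answer, as an added shell example that is not part of the thread or of the HealthVault SDK. The directory, the file names (modelled on the app.pem and app.fp mentioned in the question) and the certificate subject are assumptions.

```shell
#!/bin/sh
# Added example: paths, file names and the subject CN are placeholders.
set -eu

# cert_thumbprint FILE.cer -> SHA-1 fingerprint of the DER certificate,
# printed as 40 hex characters (the "thumbprint" a Windows cert viewer shows).
cert_thumbprint() {
  openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 |
    sed -e 's/^.*=//' -e 's/://g'
}

# make_app_keypair DIR NAME
# Writes NAME.pem (private key, stays on your server), NAME.cer (self-signed
# DER-encoded X.509 certificate, public half only) and NAME.fp (thumbprint).
make_app_keypair() {
  local dir name
  dir=$1; name=$2
  mkdir -p "$dir"
  chmod 700 "$dir"
  ( umask 077   # key file is created readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -subj "/CN=$name" \
      -keyout "$dir/$name.pem" -out "$dir/$name.crt.pem" 2>/dev/null )
  # Convert to DER: this .cer is the only file that leaves the server.
  openssl x509 -in "$dir/$name.crt.pem" -outform DER -out "$dir/$name.cer"
  rm -f "$dir/$name.crt.pem"
  cert_thumbprint "$dir/$name.cer" > "$dir/$name.fp"
}

# key_outside_docroot KEYFILE DOCROOT
# Succeeds only when KEYFILE does not live under the web server's document
# root, i.e. it cannot be fetched by guessing its URL.
key_outside_docroot() {
  local key root
  key=$(cd "$(dirname "$1")" && pwd -P)/$(basename "$1")
  root=$(cd "$2" && pwd -P)
  case "$key" in
    "$root"/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Usage (hypothetical paths):
#   make_app_keypair "$HOME/hv-keys" myapp-ppe
#   key_outside_docroot "$HOME/hv-keys/myapp-ppe.pem" "$HOME/htdocs"
```

Run it once for PPE and once more, with a different name, for production, so the two environments never share a private key.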
  • Ali,

    Thanks for the reply.  I'm sure that is all quite clear to people who do this sort of thing every day.  Unfortunately, I'm not one of them.  Hopefully you can dumb it down for me and others.

    Here is the Authenticate link that is generated by my php web app.

    https://account.healthvault-ppe.com/redirect.aspx?target=AUTH&targetqs=%3Fappid%3D05a059c9-c309-46af-9b86-b06d42510550%0A%26redirect%3Dhttp%3A%2F%2Fvirtualhuman.tekknow.net%2FBlueBtnExp4.php%3FredirectToken%3Dd67ace6a4e7ad80dc3f78e1bfd5bf046

    You will note that it does contain a redirect parameter which points back to the same page with the Authenticate link, my web app.  Now if I understand correctly, I'm supposed to somehow come up with an https ActionURL to do the same thing.  I read the "Interacting with ActionURL" but I don't understand it.  Do you have a simple example (not .NET) of how to do it?

    Regarding certificates, the Linux server is a 1and1.com shared server so I don't think I have the ability to generate a public/private key pair from there do I?  Even if I could I wouldn't know how to do it.  Again, please point me to simple examples.  I've been programming for over 30 years in many languages so I'm not stupid, just haven't done anything like this before.

    Saturday, March 15, 2014 3:59 AM
  • A PFX file contains the private key so that's not the right one. You'll need to find a tool that can generate public / private key pairs. The public key should be an x509 certificate that's DER encoded. A self-signed certificate is fine. On Linux there should be tools to help with this (for instance consider using OpenSSL).

    What I'd suggest is you generate a new key pair for your application in PPE first and get that working. Then for production you'll generate a different key pair using the same process.

    In the ACC under the Public Certs tab I see 40 chars called Thumb Print.  How did that get there? I didn't upload it.  I assume it was generated automatically by the ACC when I used it to "create a new app".  When I look in my ComputerCertificates (by running C:\Users\Greg\Documents\Health Records\Microsoft HealthVault\SDK\Tools\ComputerCertificates.msc) I see 3 certificates under Certificates(Local Computer)\Personal\Certificates.  The first one says "local host".  The next two say "WildcatApp-xxxxx".  If I double-click on the last one and select the Details tab I see a Thumbprint field that matches the Thumb Print in the ACC.  If I click on the Public key field I see a pile of hex.  If I click the "Copy to File" button and select "No, do not export the private key", then select "DER encoded binary X.509(.CER)" it creates the .cer file.  Is that the one I need to submit with the go-live email?
    Saturday, March 15, 2014 7:00 PM
  • Sean,

    Thanks for the reply.  Now I understand the "why" but still don't understand the "how".  Please see my comment on Mar 15 about how I generated a .cer file.  Is that the one to use? Or do I need to buy one?

    I called 1and1.com about getting a https domain.  They have a free "Shared SSL Encryption" option and a "Dedicated SSL Certificate" option which costs $50/yr.  I'm confused about what is needed.  Obviously I don't want to pay if I don't have to.  Unfortunately, they tell me there is an ongoing bug in both of these options that they are trying to resolve so I'm stuck until then.

    Thursday, March 20, 2014 3:19 PM
  • Can you please let me know whether you have resolved this redirection issue? If so, please guide me as well. Thanks in advance.

    • Edited by bijivr Friday, June 20, 2014 10:33 AM
    Friday, June 20, 2014 10:32 AM