11100: Obtain Digital Certificate for TLS Testing

Overview of the test

This test contains instructions for obtaining a digital certificate for your Connectathon test system.   You will obtain your digital certificate(s) from the Gazelle Security Suite tool.

If you have not tested at an IHE Connectathon since 2018, and your system performs transactions over TLS, you **MUST GENERATE A NEW DIGITAL CERTIFICATE**.  Digital Certificates from previous years will not work at Connectathons in 2019 and later.

Prerequisite for this test

(1) If you have not yet read this ATNA Testing Resources page, please do that before proceeding with this test.  That page contains important content for using the digital certificates for pre-Connectathon and Connectathon tests.  The instructions below only tell you how to generate a digital certificate.

(2) When you generate your digital certificate, you will need to know two values:

  1. The hostname of your test system on the Connectathon network.  This is assigned to your test system in the European Gazelle or North American Gazelle for Test Management.  To find the hostname for your test system, log into Gazelle Test Management, then select menu Configurations-->System configuration.
  2. The Domain Name of the Connectathon network.  For the NA 2020 Connectathon, it is ihe-us-test.net. For the EU 2020 Connectathon, it is ihe-europe.net (to be confirmed).

Location Gazelle Security Suite (GSS) tool:

Log in to the tool

There are separate CAS systems for European and North American Connectathons.  The European CAS is linked to http://gazelle.ihe.net/EU-CAT/ and the North American CAS is linked to https://gazelle.iheusa.org/gazelle-na/.   You will use your username & password from Gazelle for either the European or NA Connectathon:

  • On the tool home page (http://gazelle.ihe.net/gss) find the "Login" link at the upper right of the page.  
  • Select either "European Authentication" or "North American Authentication"
  • Enter the username and password from either the European or North American instances of Gazelle Test Management linked above

Instructions - Obtain a Certificate

  • Select menu PKI-->Request a certificate
  • Complete the fields on the page:
    • Certificate type:  Choose "Client and Server" from dropdown list  (Required field)
    • Key size: (optional)
    • Country (C): (required)
    • Organization (O):  Your organization name in Gazelle   (Required field)
    • Common Name (CN):  The Keyword for your test system in Gazelle (eg EHR_MyMedicalCo)  (Required field)
    • Title:  (optional)
    • Given name: (optional)
    • Surname: (optional)
    • Organizational Unit: (optional)
    • eMail:  (optional) email of a technical contact making the request
    • Subject Alternative Names: <=== New at Connectathons in 2019 & later.  
      • You must enter at least one value in this field -- the fully-qualified domain name of your test system on the Connectathon network.  This is a combination of the hostname assigned in Gazelle to your system and the domain name for the Connectathon test network.  For the 2019 NA Connectathon network, the domain name is ihe-us-test.net.  So, an example of a fully-qualified domain name entered in this field for a digital certificate for the NA Connectathon is acme0.ihe-us-test.net
      • You may optionally enter more than one value.  Multiple values are separated by a comma.  These values will be additional fully-qualified domain name(s) for your test system that is operating in a non-Connectathon environment with a different domain name, eg you are testing with the NIST XDS Tools in your home test lab. 
  • Click the "Request" button.
  • You will then be taken to a page listing all requested certificates.  Find yours on the top of the list, or use the filters at the top.
  • In the "Action" column, click the "View Certificate" (sun) icon.  Your certificate details are displayed.  Use the "Download" menu to download your certificate and/or the Keystore.

It is also possible to find your certificate using the menu:

  • Select menu PKI-->List certificates
  • In the "Requester" column, filter the list by entering your username at the top of the column (the username you used to log in to the tool)
  • Use the icon in the "Action" column to find and download your certificate, as described above.
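Before using the downloaded certificate, you can confirm that it carries the fully-qualified domain name you entered in the Subject Alternative Names field. The script below is an added example, not part of the Gazelle Security Suite or the original test instructions. It assumes the certificate was downloaded in PEM format and that OpenSSL 1.1.1 or later is installed; the function names, the self-signed sample certificate and the second name acme0.lab.example are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that a certificate's Subject Alternative Name
# extension contains HOSTNAME.DOMAIN for the Connectathon network.

# list_san_dns CERT.pem : print each DNS entry of the SAN extension, one per line
list_san_dns() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n 's/^ *DNS:\([^ ]*\) *$/\1/p'
}

# check_san CERT.pem HOSTNAME DOMAIN
# Returns 0 if HOSTNAME.DOMAIN is one of the DNS SANs (case-insensitive),
# non-zero if it is missing or the file cannot be read as a certificate.
check_san() {
    fqdn="$2.$3"
    list_san_dns "$1" | grep -Fxiq -- "$fqdn"
}

# make_sample_cert OUT.pem SAN_LIST
# Constructed stand-in for the GSS download: a throwaway self-signed
# certificate, used only so this example runs without network access.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" \
        -subj "/C=US/O=MyMedicalCo/CN=EHR_MyMedicalCo" \
        -addext "subjectAltName=$2" 2>/dev/null
}

# Demo on the constructed certificate. For a real check, replace the path
# with your downloaded certificate and use your own hostname and domain.
tmp=$(mktemp -d)
make_sample_cert "$tmp/cert.pem" \
    "DNS:acme0.ihe-us-test.net,DNS:acme0.lab.example"
list_san_dns "$tmp/cert.pem"
if check_san "$tmp/cert.pem" acme0 ihe-us-test.net; then
    echo "SAN OK: acme0.ihe-us-test.net is present"
else
    echo "SAN MISSING: request a new certificate with the correct FQDN"
fi
rm -rf "$tmp"
```

A certificate that fails this check will not match the hostname your Connectathon partners connect to, so request a new one instead of reusing it.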

You are now ready to use this certificate for performing:

  • authentication tests with the Gazelle Security Suite tool
  • peer-to-peer tests with your Connectathon partners

Evaluation 

There is no specific evaluation for this test.  

Create a text file stating that you have requested & received your certificate(s). Upload that text file into your local Gazelle as the Log Return file for pre-Connectathon test 11100.

In subsequent tests (eg 11109 Authentication test), you will verify the proper operation of your test system with your digital certificate.