11100: Obtain Digital Certificate for TLS Testing

Overview of the test

This test contains instructions for obtaining a digital certificate for your test system that is registered for an IHE Connectathon.   You will obtain your digital certificate(s) from the Gazelle Security Suite tool.

Prerequisite for this test

If you have not yet read this ATNA Testing Resources page, please do that before proceeding with this test.  That page contains important content for using the digital certificates for pre-Connectathon and Connectathon tests.  The instructions below only tell you how to generate a digital certificate.

When you generate your digital certificate, you will need to know two values:

(1) The hostname(s) for your test system. 

  • For IHE Connectathons face-to-face:  The hostname(s) are assigned to your test system by Gazelle Test Management (European Gazelle or North American Gazelle).  To find the hostname for your test system, log into Gazelle Test Management, then select menu Configurations-->System configuration.
  • For IHE Connectathons Online     This is the public hostname(s) for your test system.  For Connectathons Online, hostname and IP addresses are determined by the operator of the test system.   (The operator still shares its hostname(s) with other participants via the Configurations menu in Gazelle Test Management.)

(2) Domain Name:

  • For IHE Connectathons face-to-face:  The domain name of the Connectathon network.  E.g., for the NA 2020 Connectathon, the Domain Name is ihe-us-test.net.
    -- or --
  • For IHE Connectathons Online:  Your public domain name.

 

Location Gazelle Security Suite (GSS) tool:

Log in to the tool

There are separate CAS systems for European and North American Connectathons.  The European CAS is linked to http://gazelle.ihe.net/EU-CAT/ and the North American CAS is linked to https://gazelle.iheusa.org/gazelle-na/.   You will use your username & password from Gazelle for either the European or NA Connectathon:

  • On the tool home page (http://gazelle.ihe.net/gss) find the "Login" link at the upper right of the page.  
  • Select either "European Authentication" or "North American Authentication"
  • Enter the username and password from either the European or North American instances of Gazelle Test Management linked above

Instructions - Obtain a Certificate

  • Select menu PKI-->Request a certificate
  • Complete the fields on page:
    • Certificate type:  Choose "Client and Server" from dropdown list  (Required field)
    • key size: (optional)
    • Country (C): (required)
    • Organization (O):  Your organization name in Gazelle   (Required field)
    • Common Name (CN):  The Keyword for your test system in Gazelle (eg EHR_MyMedicalCo)  (Required field)
    • Title:  (optional)
    • Given name: (optional)
    • Surname: (optional)
    • Organizational Unit: (optional)
    • eMail:  (optiional) email of a technical contact making the request
    • Subject Alternative Names: <=== New at Connectathons in 2019 & later.  
      • You must enter at least one value in this field -- the fully-qualified domain name of your test system on the Connectathon network.  This is a combination of the hostname of your test system and the domain name.  E.G., for the 2020 NA Connectathon network, the domain name was ihe-us-test.net.  So, an example of a fully-qualified domain name entered in this field for a digital certificate for the NA Connectathon is acme0.ihe-us-test.net
      • If you have more than one hostname, you should enter multiple values are separated by a comma.  These values may also be additional fully-qualified domain name(s) for your test system that is operating in a non-Connectathon environment with a different domain name, eg you are testing with the NIST XDS Tools in your home test lab. 
  • Click the "Request" button.
  • You will then be taken to a page listing all requested certificates.  Find yours on the top of the list, or use the filters at the top.
  • In the "Action" column, click the "View Certificate" (sun) icon.  Your certificate details are displayed.  Use the "Download" menu to download your certificate and/or the Keystore.

It is also possible to find your certificate using the menu:

  • Select menu PKI-->List certificates
  • In the "Requester" column, filter the list by entering your username at the top of the column (the username you used to log in to the tool)
  • Use the icon in the "Action" column to find and download your certificate, as described above.

You are now ready to use this certificate for performing:

  • authentication tests with the Gazelle Security Suite tool
  • peer-to-peer tests with your Connectathon partners

Evaluation 

There is no specific evaluation for this test.  

Create a text file stating that you have requested & received your certificate(s). Upload that text file into your local gazelle as the Log Return file for pre-Connectathon test 11100.

In subsequent tests (eg 11109 Authentication test), you will verify the proper operation of your test system with your digital certificate.