Soporte MTLS para acciones de datos
Puede aumentar la seguridad entre el servicio de acciones de datos y su servicio web con la seguridad de la capa de transporte mutua (MTLS). Con MTLS, los dos servicios se proporcionan mutuamente certificados de confianza.
Configure your service to ask the data actions service for an MTLS certificate and to trust certificates from the private certificate authority (CA) for your Genesys Cloud region. Each certificate includes a certification revocation list (CRL).
When you configure the web services data actions integration, either select Genesys Cloud or Digicert as the certificate authority.
Genesys Cloud as certificate authority
When you select Genesys Cloud as the certificate authority, the client certificate is directly signed by the regional Genesys private certificate authority with no intermediate certificates. The Genesys Cloud private root CA automatically rotates the client certificate every year. Trusting the regional CA ensures that no interruptions occur when the certificate is rotated.
La siguiente tabla enumera los nombres de dominio regionales de los certificados de cliente para cada región de Genesys Cloud. Asegúrese de confiar en el certificado asociado a su región.
| Región de Genesys Cloud | Nombres de dominio regionales | Certificado (.zip) |
|---|---|---|
| Américas (Canadá) | dataactions.prod-cac1.ca-central-1.mypurecloud.com | CA-Central-1 |
| América (São Paulo) | dataactions.prod-sae1.sa-east-1.mypurecloud.com | SA-Este-1 |
| Américas (este de EE. UU.) | dataactions.prod.us-east-1.mypurecloud.com | US-East-1 |
| América (EE. UU. Este 2) | dataactions.fedramp-use2-core.us-east-2.mypurecloud.com | EE.UU.-Este-2 |
| América (Oeste de EE. UU.) | dataactions.prod-usw2.us-west-2.mypurecloud.com | Estados Unidos-Oeste-2 |
| Asia Pacífico (Mumbai) | dataactions.prod-aps1.ap-south-1.mypurecloud.com | APS-1 |
| Asia-Pacífico (Osaka) | dataactions.prod-apne3.ap-northeast-3.mypurecloud.com | APNE-3 |
| Asia Pacífico (Seúl) | dataactions.prod-apne2.ap-northeast-2.mypurecloud.com | APNE-2 |
| Asia Pacífico (Sydney) | dataactions.prod-apse2.ap-southeast-2.mypurecloud.com | APSE-2 |
| Asia Pacífico (Tokio) | dataactions.prod-apne1.ap-northeast-1.mypurecloud.com | APNE-1 |
| EMEA (Dublín) | dataactions.prod-euw1.eu-west-1.mypurecloud.com | UE-Oeste-1 |
| EMEA (Fráncfort) | dataactions.prod-euc1.eu-central-1.mypurecloud.com | EU-Central-1 |
| EMEA (Londres) | dataactions.prod-euw2.eu-west-2.mypurecloud.com | UE-Oeste-2 |
| EMEA (Zúrich) | dataactions.prod-euc2.eu-central-2.mypurecloud.com | EU-Central-2 |
| Oriente Próximo (EAU) | dataactions.prod-mec1.me-central-1.mypurecloud.com |
Digicert as certificate authority
When you select Digicert as the certificate authority, the data action MTLS client certificate is signed by a Digicert intermediate certificate that is rooted on a publicly trusted Digicert certificate authority. Configure your endpoint to trust the current client certificate explicitly and the upcoming certificate during the annual certificate rotation. Genesys Cloud provides an endpoint for all customers to query about the current and upcoming client certificate associated with your region.
The Genesys Cloud public API to retrieve the available MTLS certificates is api/v2/integrations/actions/certificates/. For more information, see API Explorer in Genesys Cloud Developer Center.
The optional query parameters for the public API endpoint are:
| Query param | Possible values |
|---|---|
| Estado | Current, Upcoming |
| Signing Authority | Digicert, Genesys |
A sample output of the API call:
{
"entities": [
{
"signingAuthority": "DigiCert",
"certificate": "-----BEGIN CERTIFICATE-----
\r\nMIIFTzCCBDegAwIBAgIQAiR1dObCOTT5eSuynYFC2zANBgkqhkiG9w0BAQsFADBq\r\nMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwY...
b/BmD0WY51jgQSdTmkU11Mi5XdZ+bqkZL88He\r\n40p5a6E2HGTWd1CfCRz/T6rNOsvNekfSH1PXzTi/sWfx4rr
c4IKOtVbQZIyziLRI\r\nYr0GHu6jLFeGT3ma0v7gdffevw==\r\n-----END CERTIFICATE-----\r\n
-----BEGIN CERTIFICATE-----
\r\nMIIFXzCCBEegAwIBAgIQD/rh8xorQzw9muFtZDtYizANBgkqhkiG9w0BAQsFADBl\r\nMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\nd3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtE
aWdpQ2VydCBBc3N1cmVkIElEIFJv\r\nb3QgRzIwHhcNMTkwOTIzMTIyNTMyW...
oECzez2y/1IVTPl\r\nh57zBfjHJQFqLWzHdou8M+ucdJtr2swXII6s3nkq4pfEn7KnbzMS9quFSuyOGILc\r\ng
/3qVwaHNLM5R+8nB5gPI5+u5Uh56w1i+9Ds1pjYAiTHdeU=\r\n-----END CERTIFICATE-----\r\n
-----BEGIN CERTIFICATE-----
\r\nMIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl\r\nMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\nd3cuZGlnaWNlcnQuY29tMSQ...
WhsI6yLETcDbYz+70CjTVW0z9\r\nB5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWz
wPDCv\r\nON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo\r\nIhNzbM8m9Yo
p5w==\r\n-----END CERTIFICATE-----",
"status": "Current",
"type": "Client"
},
{
"signingAuthority": "Genesys",
"certificate": "-----BEGIN CERTIFICATE-----
\nMIIFYTCCA0mgAwIBAgIRAJksgLAGZ8Mor/v3MOmYwA0wDQYJKoZIhvcNAQELBQAw\ngZUxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdJbmRpYW5hMRUwEwYDVQQHDAx...
GT5KD0ruJX5KfqTxxShjV1Thkk2dxcg2l8ZcZJu2v58T+Xy9/\nvQ435njK19evaXXoTum7cxHJjF2DislWkhPii
fz/ID5/UP365Q==\n-----END CERTIFICATE-----\n\n",
"status": "Current",
"type": "Client"
}
].,
"pageSize": 20,
"pageNumber": 1,
"total": 2,
"pageCount": 1
}
An upcoming certificate is provided only for the DigiCert authority, and only if the current certificate has less than 90 days of validity remaining.
Para obtener más información sobre la integración, consulte Acerca de la integración de acciones de datos de servicios web.
