Comment on page
The messaging settings section allows system administrators to configure the various messaging interfaces on SanteDB.
The REST based services in the configuration panel have two sections of configuration in their panel, as illustrated in the FHIR panel below.
- REST API -> This section of the configuration panel is common to all REST services and controls the ports, paths and bindings of the REST API.
- Service -> This section varies and is specific to the actual API being configured.
This section illustrates the common REST settings.
The service behaviors option can be expanded to show a collection editor. Here, administrators can remove or add new behaviors to the service definition.
Editing the endpoints will present a collection editor where administrators can add/remove specific endpoint bindings to/from the service. Endpoint bindings dictate the port, scheme and path where the REST API can be accessed.
When you set an endpoint address to scheme
https://the certificate binding configuration is enabled.
When binding an endpoint to HTTPS you must ensure:
- The port is different than those used by HTTP bindings (only one scheme can be bound per port on a machine)
- You have an SSL certificate with a private key installed in one of the key stores available to Windows or Mono (on Mono - using
Once the certificate binding is enabled, you can expand it and select the certificate
Binding to HTTPS using the iCDR directly is only recommended on Microsoft Windows Operating Systems. It is possible to bind the certificate to a port/address pair in Mono on Linux operating systems, however this feature is not widely documented.
Consider using an TLS termination architecture for high-bandwidth deployments. Using a reverse proxy such as IIS or NGINX can greatly improve performance within the SanteDB iCDR environment as it allows shared web service endpoints to communicate using HTTP (with less overhead) whilst still allowing security transmission of data beyond the termination point.