Hello,I am currently facing the task of retrieving or sending HL7 messages from a web API. Since we only send HL7 messages via internal sockets, web APIs are relatively new to me.The following is my plan for the new interface:I have created a new custom business service that periodically sends requests to a business process. In this business process, the HTTP request (HTTP.GenericMessage) is then created from scratch. The special feature is the "Authorisation" header field, where a signature is inserted, which consists of a base64-encoded hash value. The request is then sent to the API via a

What is TLS?

TLS, the successor to SSL, stands for Transport Layer Security and provides security (i.e. encryption and authentication) over a TCP/IP connection. If you have ever noticed the "s" on "https" URLs, you have recognized an HTTP connection "secured" by SSL/TLS. In the past, only login/authorization pages on the web would use TLS, but in today's hostile internet environment, best practice indicates that we should secure all connections with TLS.

Why use TLS?

Securing IRIS Integrations with Mutual TLS (mTLS): A Practical Guide

In today’s enterprise environments, secure communication between systems is not optional—it’s essential. Whether you're integrating InterSystems IRIS with cloud APIs, internal microservices, or third-party platforms, Mutual TLS (mTLS) offers a powerful way to ensure both ends of the connection are authenticated and encrypted.

This post walks through how to configure IRIS for mTLS and how to validate your certificates to avoid common pitfalls.

🔐 What is Mutual TLS (mTLS)?

Hello,

I'm trying to connect a Python backend application to an InterSystems IRIS Community Edition instance running in a Docker container on an AWS EC2 instance. I'm facing persistent connection issues and an SSL Error despite the Superserver apparently having SSL disabled. I'm hoping for some insight into what might be causing this contradictory behavior.

My Setup:

Good day 

I am trying to connect a business service to fileZilla using FTP on my local PC Win 11.

I am trying to setup my training after attending the Building HL7 interfaces course with ISC.

The connection is failing. He is the error below

ERROR <Ens>ErrOutConnectFailed: FTP Connect failed for localhost:21//SSL=' with error ERROR <Ens>ErrFTPConnectFailed: FTP: Failed to connect to server 'localhost:21//SSL='/' (msg='Missing required argument',code=501)

I'm using a %Net.HttpRequest which had been successful in the past, but started failing at some point with a SSL/TLS protocol error.

ERROR #6085: Unable to write to socket with SSL/TLS configuration 'groundca', error reported 'SSL/TLS error in SSL_connect(), SSL_ERROR_SSL: protocol error, error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol'

The SSL/TLS configuration:

The request's SSLConfig is set to the "groundca" config when making the request.

For those that use IRIS for Health, HealthShare, and or Health Connect...

As Health Applications are moving to the Cloud, how have you handled communication from the Application to your instances via HTTPS?

Trying to figure out the best path on designing the proper workflow to allow these messages to be allowed to be eventually sent to our EMR to post to the patient chart.

We are very wary of opening a connection from the internet to our instance of Health Connect.

Thanks

Does %OSCertificateStore only check the trusted root folder in windows?

Can it be used for Personal store on servers or is there another condition can be used? 

Used it for a first time and writing a function to check specific ones being used for expiry but had one this week that was to be installed in personal rather than the trusted root and didn't know if stating OSCertificateStore or a url otherwise to look in the personal installed certs on the server could be used instead so stuck with the original way (which can get confusing)

Hello,

I was just trying to get to the bottom of a TLS config - we have an interface with a TLS config that has had 'Server certificate verification' set to 'On', however the cert file specified either did not exist or contained a cert that was expired.

Does anyone know what the behavior is for this typically? I would expect this to not allow traffic on the interface, however this has been working fine for a few years now with an invalid cert specified for 'Server certificate verification' and set to 'On'.