Additional Allowed Hosts

Item	Name	Description
A	New	Enter additional host names.
B	Delete	Delete one or more additional host names.

SSL Manager User Guide

Enabled TLS/SSL Protocols

The protocol is the version of the TLS/SSL standard that is used by both the client and server. By default, only the most secure protocols are enabled, but if you are communicating with a legacy server that only supports an older, weaker protocol, you can configure your connector to use it without affecting any other connectors or channels. Enabled Protocols option on SSL Settings window Select the wrench icon to open the Set Protocols window: Set Protocols window The server defaults refers to the protocols configured for the overall Mirth® Connect by NextGen Healthcare server, in mirth.properties. If your connector is a listener (for example, HTTP Listener), then the defaults will extend from the server protocols ("https.server.protocols"). Otherwise they will extend from the client protocols ("https.client.protocols"). You can find more information in the mirth.properties section of the Mirth Connect User Guide, accessible through the NextGen Knowledge Center. To override the server

SSL Manager User Guide

CRL Revocation Checking

If enabled, Certificate Revocation List (CRL) checking will be done on all local and remote certificates. The issuer of the CRL must be included in your trusted certificates as well in order to verify signatures. CRL Enabled option on the SSL Settings window Select the wrench icon to open the CRL Settings window: CRL Settings window with CRL URI field and Hard Fail option CRL URI: This setting is optional. If specified, this URI will be used in addition to any certificate CRL Distribution Points when checking for revocation. HTTP, File FTP, or LDAP URIs are supported. Hard Fail: When enabled, this connector will depend on the remote CRL provider. If a CRL cannot be downloaded or verified for any reason, all connections will fail revocation checks. Parent topic: Common Connector SSL Settings

SSL Manager User Guide

Subject DN Validation

If enabled, only client certificates with subject distinguished names (DNs) matching the given list will be allowed. If a client certificate not matching any of the trusted DNs is presented, the SSL connection / handshake will fail. Subject DN Validation option on the SSL Settings window Select the wrench icon to open the Trusted Subject DNs window: Set Trusted Certificate Subject DNs window Select the New / Delete buttons to add or remove entries. For each Trusted Subject DN entry, configure the following: Distinguished Name: The full or partial distinguished name (DN) to trust. This will be matched against the Subject DN of the remote certificate. Full Match: If enabled, all components (RDNs) configured here must match the ones in the certificate, and the subject DN cannot have any additional components. If disabled, the components configured here will only be considered a required subset, and the subject DN may have additional components. Example 1 Example 2 Example 3 Parent topic:

SSL Manager User Guide

Common Connector SSL Settings

The following sections provide descriptions and examples of common connector SSL settings. Additional Allowed Hosts Subject DN Validation OCSP Revocation Checking CRL Revocation Checking Enabled TLS/SSL Protocols Enabled TLS/SSL Cipher Suites Additional Allowed Hosts Additional Allowed Hosts is an optional feature that lets you specify extra host names to be verified alongside the primary host name set in the Remote Address field. Subject DN Validation OCSP Revocation Checking CRL Revocation Checking Enabled TLS/SSL Protocols Enabled TLS/SSL Cipher Suites

LDAP Authorization User Guide

Enable Encryption

Configure options for encrypted communication between Mirth® Connect by NextGen Healthcare and a Lightweight Directory Access Protocol (LDAP) server. Mirth® Connect by NextGen Healthcare can communicate with a Lightweight Directory Access Protocol (LDAP) server using an encrypted connection. You can set options to encrypt the LDAP connection. LDAP Configuration In the LDAP Configuration section, set Encryption to one of the following: None: No encryption is performed. STARTTLS: Start with Transport Layer Security (TLS) and upgrade to an encrypted connection. Typically, LDAP servers use port 389 for TLS. SSL: Use Secure Sockets Layer (SSL) protocol. Typically, LDAP servers use port 636 for SSL. Set Certificate Validation to one of the following: Enabled: Mirth® Connect does not connect to the LDAP server if the server presents an SSL certificate that is not trusted. For the connection to succeed, you need to first import the LDAP server public SSL certificate. Disabled: Mirth® Connect t

Mirth® Appliance by NextGen Healthcare Deployment Guide, 4.1

Mirth® Appliance by NextGen Healthcare Certificates

The appliance SSL Certificate window enables you to work with the local certificate authority or to prepare a certificate to be signed by a third-party authority. Your Mirth® Appliance by NextGen Healthcare ships with a local certificate authority and a default certificate installed. Although this certificate functions out of the box, the remote side of the SSL connection may receive a message that the certificate does not match the site name or that the certificate authority is untrusted. If this issue occurs, you can select System > Certificates to modify the advanced certificate settings. The Appliance SSL Certificate window lets you work with the local certificate authority or prepare a certificate to be signed by a third-party authority. Using the Local Certificate Authority To resolve an issue with a mismatched certificate name, update the new values for the certificate. Use a Third-Party Certificate Authority If it is necessary to use an SSL certificate from a well-known source

Additional Allowed Hosts

Recommendations

Enabled TLS/SSL Protocols

CRL Revocation Checking

Subject DN Validation

Common Connector SSL Settings

Enable Encryption

Mirth® Appliance by NextGen Healthcare Certificates

Additional Allowed Hosts

Enabled TLS/SSL Protocols

CRL Revocation Checking

Subject DN Validation

Common Connector SSL Settings

Enable Encryption

Mirth® Appliance by NextGen Healthcare Certificates