11100: Obtain Digital Certificate for TLS Testing

Overview of the test

This test contains instructions for obtaining a digital certificate for your test system that is registered for an IHE Connectathon.   You will obtain your digital certificate(s) from the Gazelle Security Suite tool.

Prerequisites for this test

First, please read the ATNA Testing Resources page before proceeding with this test.  That page contains important context for using the digital certificates for Connectathon-related tests. 

When you generate your digital certificate in Gazelle Security Suite, you will need to know two values:

(1) The hostname(s) for your test system:

  • For IHE Connectathons face-to-face:  The hostname(s) are assigned to your test system by Gazelle Test Management.  (See https://gazelle.ihe.net/TM/ for the 2022 IHE Connectathon; the link may differ for other testing events). 
    To find the hostname for your test system, log into Gazelle Test Management, then select menu Preparation-->* Network Interfaces.
  • For IHE Connectathons Online:  This is the public hostname(s) for your test system.  For Connectathons Online, hostnames and IP addresses are determined by the operator of the test system.   (The operator still shares its hostname(s) with other participants using Gazelle Test Management.)

(2) Domain Name:

  • For IHE Connectathons face-to-face:  The domain name of the Connectathon network.  This information is published by the Technical Manager of each IHE Connectathon.  (E.g., for the IHE Connectathon 2022, the Domain Name is ihe-europe.net).
  • For IHE Connectathons Online:  Your public domain name.

Location of the Gazelle Security Suite (GSS) tool

Log in to the GSS tool

When logging in to GSS, you will use your username & password from Gazelle Test Management for your Connectathon.  There are separate CAS systems for different instances of Gazelle Test Management, and you will have to take this into account when logging in to GSS:

  • The European CAS is linked to Gazelle Test Management at http://gazelle.ihe.net/TM/ (this will be used for the 2022 IHE EU/NA Connectathon)
  • The North American CAS is linked to Gazelle Test Management at https://gazelle.iheusa.org/gazelle-na/
  • If you don't have an account, you can create a new one on the Gazelle Test Management home page.

On the GSS home page (http://gazelle.ihe.net/gss) find the "Login" link at the upper right of the page.  

  • Select either "European Authentication" or "North American Authentication"
  • Enter the username and password from the Gazelle Test Management instance (linked above) that matches your selection.

Instructions - Obtain a Certificate

  • In GSS, select menu PKI-->Request a certificate
  • Complete the fields on the page:
    • Certificate type:  Choose "Client and Server" from dropdown list  (Required field)
    • Key size: 2048
    • Country (C): (required)
    • Organization (O):  Your organization name in Gazelle Test Management   (Required field)
    • Common Name (CN):  The Keyword for your test system in Gazelle Test Management (e.g., EHR_MyMedicalCo)  (Required field)
    • Title:  (optional)
    • Given name: (optional)
    • Surname: (optional)
    • Organizational Unit: (optional)
    • eMail:  (optional) email of a technical contact making the request
    • Subject Alternative Names: 
      • You must enter at least one value in this field:   the fully-qualified domain name of your test system.
      • For a face-to-face Connectathon, this is a combination of the hostname of your test system and the domain name. (See the Prerequisites section above)
        • E.g., for a Connectathon network, the hostname of your system might be acme0, and the domain name might be ihe-test.net.  So, an example of a fully-qualified domain name entered in this field for a digital certificate is acme0.ihe-test.net
      • This value may contain additional fully-qualified domain name(s) for your test system when it is operating outside of a face-to-face Connectathon, e.g. when you are testing with the NIST XDS Tools in your home test lab, or if you are participating in an online Connectathon.
      • If you have more than one hostname, multiple values are separated by a comma.
  • Click the "Request" button.
  • You will then be taken to a page listing all requested certificates.  Find yours at the top of the list, or use the filters at the top.
  • In the "Action" column, click the "View Certificate" (sun) icon.  Your certificate details are displayed.  Use the "Download" menu to download your certificate and/or the Keystore.

It is also possible to find your certificate using the menu:

  • Select menu PKI-->List certificates
  • In the "Requester" column, filter the list by entering your username at the top of the column (the username you used to log in to GSS)
  • Use the icon in the "Action" column to find and download your certificate, as described above.
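
Before using the downloaded certificate, it is worth confirming that it carries the values you entered in the request form. The script below is an added example, not part of the original test description or of GSS. It assumes the certificate was saved in PEM format, that the openssl command-line tool (1.1.1 or later) is installed, and that the "Client and Server" type appears as both TLS client and TLS server extended key usages. The function names, the organization "Acme" and the second hostname are constructed for illustration, and the sample certificate is a self-signed stand-in so the script runs offline.

```sh
#!/bin/sh
# Added example, not part of the original test description.

# check_cert CERT.pem FQDN[,FQDN...]
# Succeeds only if every FQDN is listed in the Subject Alternative Names, the
# key is 2048 bits, and both TLS client and TLS server usages are present.
check_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    # SAN values sit on the line after the extension name, comma-separated.
    sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
           tail -n 1 | tr ',' '\n' | sed 's/^ *//')
    for name in $(printf '%s' "$2" | tr ',' ' '); do
        printf '%s\n' "$sans" | grep -qxF "DNS:$name" ||
            { echo "SAN is missing $name" >&2; return 1; }
    done
    printf '%s\n' "$text" | grep -q '(2048 bit)' ||
        { echo "key size is not 2048 bits" >&2; return 1; }
    # Assumption: "Client and Server" is issued as these two extended key usages.
    for usage in 'TLS Web Server Authentication' 'TLS Web Client Authentication'; do
        printf '%s\n' "$text" | grep -qF "$usage" ||
            { echo "missing usage: $usage" >&2; return 1; }
    done
}

# Constructed stand-in for the certificate downloaded from GSS (self-signed,
# throwaway key, made-up organization); prints the path of the PEM file.
make_sample_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj '/C=FR/O=Acme/CN=EHR_MyMedicalCo' \
        -addext 'subjectAltName=DNS:acme0.ihe-test.net,DNS:acme0.example.org' \
        -addext 'extendedKeyUsage=serverAuth,clientAuth' 2>/dev/null || return 1
    echo "$dir/cert.pem"
}

cert=$(make_sample_cert) &&
    check_cert "$cert" 'acme0.ihe-test.net,acme0.example.org' &&
    echo "certificate matches the request"
```

To check your own certificate, call check_cert with the path of the downloaded PEM file and the same comma-separated list you entered under Subject Alternative Names.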

You are now ready to use this certificate for performing:

  • authentication tests with the Gazelle Security Suite tool
  • interoperability (peer-to-peer) tests with your Connectathon partners

Evaluation 

There is no specific evaluation for this test.  

Create a text file stating that you have requested & received your certificate(s). Upload that text file into Gazelle Test Management as the Log Return file for test 11100.

In subsequent tests (e.g., 11109 Authentication test), you will verify the proper operation of your test system with your digital certificate.