ConfigSSL VI

Owning Palette: Security VIs

Requires: Base Development System (Windows)

Provides Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), authentication for Web requests associated with the client handle. Use TLS/SSL authentication with other HTTP Client VIs to send Web requests to a server, Web page, or Web service using TLS/SSL.

private key password specifies a password for the private key file. If the private key file is not encrypted, you do not have to specify a private key password.
client handle specifies the client handle to associate with the Web request. Use client handles to wire together multiple HTTP Client VIs while preserving authentication credentials, HTTP headers, and cookies. Client handles are not required when making independent Web requests without persistent data such as headers or credentials.
CA certificate file specifies the path to a list of trusted certificate authority (CA) certificates. If you specify TRUE for the verify server control, the client verifies the server's identity against this list of trusted certificates.
private key file specifies the path to a private key file that is part of the client certificate and client authentication process. If the server requires client authentication, you must specify a client certificate file and a private key file. If you need to transfer this file between client systems, especially over a network, you can assign a password when you create the private key file. To use password-protected private key files with this VI, assign the password to the private key password input.
error in describes error conditions that occur before this node runs. This input provides standard error in functionality.
verify server specifies whether to check the server's certificate against the list of trusted CA certificates specified by the CA certificate file control. If TRUE, this VI verifies the server's identity against the list of trusted CA certificates for optimal security. If FALSE, this VI does not verify the server's identity and does not provide optimal security. Specifying FALSE allows the client to accept self-signed certificates, which are signed by the certificate creator rather than a trusted CA. The connection is still encrypted in that case, but the client cannot tell the intended server from an impostor. The default is TRUE.
client handle out returns the client handle associated with the Web request. Use client handles to wire together multiple HTTP Client VIs while preserving authentication credentials, HTTP headers, and cookies. Client handles are not required when making independent Web requests without persistent data such as headers or credentials.
error out contains error information. This output provides standard error out functionality.

ConfigSSL Details

Use the ConfigSSL VI to verify the server's identity against a list of trusted certificate authority (CA) certificates, and provide client authentication, if required by the server. Client handles save the TLS/SSL credentials across multiple Web requests. Use the OpenHandle VI to open a client handle.

TLS/SSL encryption uses certificates to establish secure connections between a client and a server. Certificates are binary files that contain identifying information about the server, as well as a public key and a digital signature. The digital signature can be added by a certificate authority (CA), a trusted third party that issues digital certificates, or by the certificate creator, in which case the certificate is called a self-signed certificate.

The following screenshot shows code that performs these steps:

  1. The OpenHandle VI opens a client handle and a client-side cookie that can store persistent data.
  2. The ConfigSSL VI establishes TLS/SSL credentials including server authentication and client authentication.
  3. The GET VI performs a Web request with TLS/SSL authentication.
  4. The CloseHandle VI closes the client handle and closes the TLS/SSL-protected connection between the client and the server.
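
The same steps in text form, as an added example that is not part of the original page and is not LabVIEW code: Python's standard ssl and http.client modules stand in for the HTTP Client VIs. The function and parameter names are hypothetical, chosen to mirror the VI's inputs, and the fallback to the system trust store when no CA certificate file is given is an assumption of the example.

```python
import http.client
import ssl


def config_ssl(ca_certificate_file=None, client_certificate_file=None,
               private_key_file=None, private_key_password=None,
               verify_server=True):
    """Build a client TLS context; parameters are named after the VI's inputs."""
    if private_key_file and not client_certificate_file:
        raise ValueError("client authentication needs a client certificate "
                         "file as well as a private key file")
    # PROTOCOL_TLS_CLIENT starts strict: CERT_REQUIRED plus hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if verify_server:
        if ca_certificate_file:
            ctx.load_verify_locations(cafile=ca_certificate_file)
        else:
            # Assumption of this example: fall back to the system trust store.
            ctx.load_default_certs()
    else:
        # Order matters: hostname checking must be off before CERT_NONE is set.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    if client_certificate_file:
        ctx.load_cert_chain(client_certificate_file, keyfile=private_key_file,
                            password=private_key_password)
    return ctx


def describe(ctx):
    """Report what the context will actually check about the server."""
    return {"verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname}


def get(host, path, ctx, timeout=10):
    """One HTTPS GET using the configured context (the GET VI's role)."""
    conn = http.client.HTTPSConnection(host, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path)
        response = conn.getresponse()
        return response.status, response.read()
    finally:
        conn.close()  # the CloseHandle step


if __name__ == "__main__":
    print("verify server TRUE :", describe(config_ssl()))
    print("verify server FALSE:", describe(config_ssl(verify_server=False)))
```

Calling `describe` on a context before using it makes the effect of the verify server setting visible without opening a connection.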

Using the ConfigSSL VI with LabVIEW Web Services

Use this VI to connect with LabVIEW Web services protected by TLS/SSL. First, you must build and deploy a Web service, including the setup of TLS/SSL security. You can then use the ConfigSSL VI to authenticate all Web requests to that Web service associated with the client handle.