Sidebar

How do you obtain a Certificate for use within QIE?

0 votes
888 views
asked Jul 2, 2015 by gary-t-8719 (14,860 points)
edited Jul 2, 2015 by gary-t-8719
I understand that there are two certificates involved in a Client Authenticated SSL/TLS connection. One for the receiving entity (HIE, Registry, HISP, Portal) and one for the sending entity (IDN's, Hospital, Clinic). My question is how does the Hospital or Clinic obtain a certificate?

1 Answer

0 votes

For the purposes of this conversation we will use the name of Millennial Health System (MHS) as the sending Entity. There are two types of certificates that MHS can obtain. 

1. Self Signed certificate

2. Certificate Authority (CA) issued certificate

Both are equal with regard to security, however, the Certificate Authority issued certificate may not require the receiving entity to install the certificate to trust it where as the Self Signed certificate will require the receiving entity to install the MHS certificate into their trust store.

There are 2 basic steps required to obtain a certificate using QIE.

1. Log into QIE and navigate to the certificates page and then create a Private Key. To create a Private Key:

  • Click on the New button and provide a Name for the Certificate. This name can be anything you like but it is recommended that your fully qualified domain name (FQDN) be used.
  • Provide a password and a hint to remember the password. Note: You will need to remember this password to recover or re-import this certificate from the QIE nightly backup files.
  • Then choose a key size. The default is 2048 and should be used over the 1024 unless specifically requested by the receiving entity to use the 1024.

 

2. Decide if a Self Signed certificate is needed or a Certificate Authority (CA) certificate is needed.

  • If a Self Signed certificate is desired then one can be created within QIE by:
    • Highlighting the private key just generated and then clicking on New and selecting Self-Signed certificate.
    • Provide a name for the certificate (It is recommended to use the FQDN here as well) and;
    • Fill in the other contact details about your organization (MHS)

After completing these steps a Self-Signed certificate will be created and exported. This certificate can then be provided to the receiving entity for them to install into their trust store.

  • However, if a Certificate Authority issued certificate is needed then a Certificate Signing Request (CSR) can be created within QIE by:
    • Highlighting the private key just generated and then clicking on New and selecting Certificate Signing Request.
    • Provide a name for the certificate (It is recommended to use the FQDN here as well) and;
    • Fill in the other contact details about your organization (MHS)

After completing these steps a Certificate Signing Request (CSR) will be generated and exported. This CSR file can then be provided to a CA (e.g. DigiCert, VeriSign, Go Daddy) of your choice. The CA will then verify the entity (MHS) and then issue a certificate. This certificate can then:

  • 1. Be imported into QIE for use and;
  • 2. Be provided to the receiving entity for them to install into their trust store.

 

This question is part of 3 questions that will walk a user through Obtaining, Installing and Using a certificate in QIE.

How do you obtain a certificate for use within QIE

How do I install a certificate into QIE

How do I assocaite a certificate with my connection in QIE

answered Jul 2, 2015 by gary-t-8719 (14,860 points)
edited Jul 2, 2015 by gary-t-8719
...