Mirth Connect is awesome! One common question on the forums and Slack is how to manage SSL connections. These questions mainly focus on HTTPS but also include TCP connections.
The quick rundown is:
1. The built-in MC HTTP connector will do HTTPS if:
   - The endpoint has a certificate which is signed by a CA already present in the JVM truststore and has the right DN or SAN for the hostname. This is logically equivalent to the "green check" if you open the URL in a browser.
   - The certificate has been added to the truststore for the JVM that MC is running under.
   - Changes to DNS or host files allow a hostname to match the DN or SAN already present in the cert (not recommended).
2. SSL firewalls or stunnel can also proxy the SSL connections. MC connects to the unsecured side of the tunnel and the SSL layer is handled on the other side.
3. Commercial extensions
   - Mirth has a commercial SSL extension: https://www.nextgen.com/products-and-services/integration-engine
   - Zen Healthcare IT has a competing SSL offering: https://consultzen.com/zen-ssl-extension/
4. Channel code: you can use tools like Apache HTTP Commons in MC and use that code to deal with SSL.
The main considerations when choosing between these options are:
- Who is expected to manage the connections? Interface engineers benefit from options 3 and 4. Network and DevOps are well positioned for 1 and 2.
- When will certs expire and what are the corporate policies about cert management? Most certificates are good for 1 to 3 years, which means that updates are required as the certificates expire. Which option is easiest for your organization to a) detect this expiration and b) update certificates BEFORE they expire as routine maintenance?
- What other software in your environment uses SSL and how is that managed?
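
For the expiration question above, one way to detect soon-to-expire entries in the JVM truststore is a small scheduled check. This is an added example, not code from Mirth Connect or the original post; the class name `TruststoreExpiryCheck`, the 60-day window, and the default path and password (the stock JVM `cacerts` file and `changeit`) are assumptions, and it requires Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

// Added example: lists truststore entries that are expired or expire soon.
// Usage: java TruststoreExpiryCheck [truststore-path] [password] [warn-days]
public class TruststoreExpiryCheck {
    public static void main(String[] args) throws Exception {
        // Assumption: defaults point at the JVM's stock cacerts file and its
        // default password; pass your own values if MC runs with another store.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        long warnDays = args.length > 2 ? Long.parseLong(args[2]) : 60;

        // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12.
        KeyStore store = KeyStore.getInstance(new File(path), password);
        Instant now = Instant.now();
        int flagged = 0;

        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue; // only X.509 certificates carry a validity period
            }
            X509Certificate x509 = (X509Certificate) cert;
            Instant notAfter = x509.getNotAfter().toInstant();
            boolean expired = notAfter.isBefore(now);
            long daysLeft = Duration.between(now, notAfter).toDays();
            if (expired || daysLeft <= warnDays) {
                flagged++;
                System.out.printf("%s  alias=%s  notAfter=%s  subject=%s%n",
                        expired ? "EXPIRED " : "EXPIRING",
                        alias, notAfter, x509.getSubjectX500Principal().getName());
            }
        }
        System.out.printf("%d of %d entries expired or expiring within %d days%n",
                flagged, store.size(), warnDays);
        // Non-zero exit lets a cron job or monitoring check raise an alert.
        System.exit(flagged > 0 ? 1 : 0);
    }
}
```

Run it with the same JVM that MC runs under so that the default path resolves to the truststore MC actually uses.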