Basic TLS options are available in the open-source distribution as you've seen. The extension provides FTPS support, listener support (like HTTP Listener and Web Service Listener), and advanced options like two-way (mutual) authentication and hostname verification.

In addition to all of that, the extension isn't just enabling TLS/SSL on connectors. It also provides an entirely new settings panel for managing your certificates, both public certs and locally identifying public/private keypairs. You can even create entirely new certificates, generate CSRs, and import CA replies. Tons of options are available there, like subject details, validity dates, key generation specs (algorithm / key size, signature alg), and even the ability to specify subject alternative names.

You can import/export certs to and from a variety of formats like JKS/PEM/DER/BKS/JCEKS/UBER. You can even have the extension auto-download certificates directly from a web server or TLS endpoint. No need to have someone send you the public cert in an e-mail, or export it in a browser or anything like that.

Without the extension, your destinations using TLS are only trusting the certificates in the default Java truststore. But with it, you can selectively enable or disable different certs for different connectors as needed. You can even have multiple connectors using mutual authentication with completely different client certs.

Also, you don't need to restart MC at all to make any TLS-related changes. All you need to do is redeploy the channel in question.

How do I configure this?

Hi
This is the first HTTP sender destination we are trying to set up on MIRTH.
We are using Mirth Connect 3.3.1.7856 and have purchased the v1000 appliance with support.

I have been given a destination address from the 3rd party we will be sending to (its an https) and is on the N3 (the secure NHS network). But I get an error on my connector that says (SSL not configured).

When I test the connection I do get a successful connection but with this error it will not let me deploy the channel or send any test messages.

Our network security team have suggested I use a proxy server (and have given me the details) but this does not work either.

Can anyone advise or point me in the direction of a help document that explains what I need to set up or what information I need to ask of the third party who have provided this address that they want the hl7 messages sending to?

You can still deploy a channel even if a destination connector has a "SSL Not Configured" warning. There's probably something else causing the validation error. Can you export and post your channel here?

Assuming you have support, have you actually installed the SSL Manager for your MC installation yet? If so, you should see a new configuration panel on the HTTP Sender settings:



You should also see a new settings tab:



If you haven't yet installed the extension, contact help desk and they'll be able to get it for you. There's a helpful user guide for the SSL Manager as well.

SSL Manager

Hi
We haven't installed the SSL manager yet, we've downloaded it. That was our next step - were going to add it when we do our monthly check for software upgrades (which is actually this Tuesday). We do have support but I will export the channel for you to have a look at see if there is anything really obvious that I've just missed as a newbie.

Thanks

Yeah, the issue is that you're performing a POST request, yet you haven't set any payload content. If you hit Validate Connector, you should see that the content text area at the bottom is highlighted in red.

If you meant to do a GET request, you can simply change the method on the HTTP Sender settings.

I think I'm supposed to be doing a POST request!?! I just want to send them the entire message in its raw format. As you probably guessed I'm not too sure how to do it.

See the "Destination Mappings" list to the right? Just drag over "Raw Data" or "Encoded Data" into the Content text area, and you should be good to go. If you want the data that flowed into the destination connector before the destination filter/transformer ran, choose Raw Data.

Thank you!!!
I'll let you know and send lots of smiley faces when I get it working.

No Luck I'm afraid. We added the SSL manager plugin and I downloaded the user guide, and followed the steps to set up a certificate for the website I want to send the information to. The connection is successful when I test it but I get the following error message when I try to send them a test message:-

HTTP Sender error
ERROR MESSAGE: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>407 Proxy Authentication Required</title>
</head><body>
<h1>Proxy Authentication Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

Do I need to ask for something to be done on their side to allow me to send the message to them?

You're still using a proxy server? Turn that off and try again.

If they require you to use a proxy server, then that error usually means you have to supply credentials. You will need to check with the manager of the server to get more information.

Ah you absolute star. Thank you!
On one of our original connection attempts we tried to go through a proxy server. I've turned that off and my message has sent. I just need to check with the 3rd party to confirm that they got it and that its what they're after. Luckily they're going to do all the manipulation of the message on their side and I just send it. I like the easy ones.

Once again thank you. I would have been on for days trying to get this working. I'm so used to TCP/IP when any other request for HL7 comes up it stumps me!