数据操作的 MTLS 支持

注意： 本文适用于 Web 服务数据操作集成。

您可以使用相互传输层安全性 (MTLS) 提高数据操作服务和 Web 服务之间的安全性。借助 MTLS，这两种服务相互提供受信任的证书。

Configure your service to ask the data actions service for an MTLS certificate and to trust certificates from the private certificate authority (CA) for your Genesys Cloud region. Each certificate includes a certification revocation list (CRL).

注意： Genesys Cloud 建议与根 CA 建立信任关系，这更新和自动更新证书。与 CA 建立信任关系可确保新证书可用时不会发生中断。

When you configure the web services data actions integration, either select Genesys Cloud or Digicert as the certificate authority.

This image is a screenshot of the web services data action configuration window to select the certificate authority.

Genesys Cloud as certificate authority

When you select Genesys Cloud as the certificate authority, the client certificate is directly signed by the regional Genesys private certificate authority with no intermediate certificates. The Genesys Cloud private root CA automatically rotates the client certificate every year. Trusting the regional CA ensures that no interruptions occur when the certificate is rotated.

下表列出了每个 Genesys Cloud 区域的客户端证书的区域域名。确保信任与您所在地区关联的证书。

Genesys Cloud 登录	区域域名	证书 (.zip)
美洲（加拿大）	数据行动 .prod-cac1.ca-中央 -1.mypurecloud.com	CA-中央 -1
美洲（圣保罗）	dataactions.prod-sae1.sa-east-1.mypurecloud.com	SA-东-1
美洲（美国东部）	数据行动 .prod.us east-1.mypurecloud.com	美国东部 -1
美洲（美国东部 2）	dataactions.fedramp-use2-core.us-east-2.mypurecloud.com	美国东部-2
美洲（美国西部）	数据行动 .prod-usw2.us west-2.mypurecloud.com	美国西部 -2
亚太地区（孟买）	数据行动 .prod-aps1.ap-南1.mypurecloud.com	APS-1
亚太地区（大阪）	数据行动 .prod-apne3.ap-Eastnor-3.mypurecloud.com	APNE-3
亚太地区（首尔）	数据行动 .prod-apne2.ap-East-2.mypurecloud.com	APNE-2
亚太地区（悉尼）	数据行动 .prod-apse2.ap-Eastoure2.ap-2.mypurecloud.com	APSE-2
亚太地区（东京）	数据行动 .prod-apne1.ap-Eastnor-1.mypurecloud.com	APNE-1
欧洲、中东和非洲（都柏林）	数据行动 .prod-euw1.eu-west-1.mypurecloud.com	欧盟西部 -1
欧洲、中东和非洲（法兰克福）	数据行动 .prod-euc1.eu-中央 -1.mypurecloud.com	欧盟中部 -1
欧洲、中东和非洲（伦敦）	数据行动 .prod-euw2.eu-west-2.mypurecloud.com	欧盟西部 -2
EMEA（苏黎世）	数据行动 .prod-euc2.eu-中央 -2.mypurecloud.com	欧盟中部 -2
中东（阿联酋）	dataactions.prod-mec1.me-central-1.mypurecloud.com	ME-中央-1

Digicert as certificate authority

When you select Digicert as the certificate authority, the data action MTLS client certificate is signed by a Digicert intermediate certificate that is rooted on a publicly trusted Digicert certificate authority. Configure your endpoint to trust the current client certificate explicitly and the upcoming certificate during the annual certificate rotation. Genesys Cloud provides an endpoint for all customers to query about the current and upcoming client certificate associated with your region.

The Genesys Cloud public API to retrieve the available MTLS certificates is api/v2/integrations/actions/certificates/. For more information, see API Explorer in Genesys Cloud Developer Center.

The optional query parameters for the public API endpoint are:

Query param	Possible values
状态	Current, Upcoming
Signing Authority	Digicert, Genesys

A sample output of the API call:

{
  "entities": [
      {
        "signingAuthority": "DigiCert",
        "certificate": "-----BEGIN CERTIFICATE-----
         \r\nMIIFTzCCBDegAwIBAgIQAiR1dObCOTT5eSuynYFC2zANBgkqhkiG9w0BAQsFADBq\r\nMQswCQYDVQQGEwJV
         UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwY...
         b/BmD0WY51jgQSdTmkU11Mi5XdZ+bqkZL88He\r\n40p5a6E2HGTWd1CfCRz/T6rNOsvNekfSH1PXzTi/sWfx4rr
         c4IKOtVbQZIyziLRI\r\nYr0GHu6jLFeGT3ma0v7gdffevw==\r\n-----END CERTIFICATE-----\r\n
          -----BEGIN CERTIFICATE-----
          \r\nMIIFXzCCBEegAwIBAgIQD/rh8xorQzw9muFtZDtYizANBgkqhkiG9w0BAQsFADBl\r\nMQswCQYDVQQGEwJV
          UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\nd3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtE
          aWdpQ2VydCBBc3N1cmVkIElEIFJv\r\nb3QgRzIwHhcNMTkwOTIzMTIyNTMyW...
          oECzez2y/1IVTPl\r\nh57zBfjHJQFqLWzHdou8M+ucdJtr2swXII6s3nkq4pfEn7KnbzMS9quFSuyOGILc\r\ng
          /3qVwaHNLM5R+8nB5gPI5+u5Uh56w1i+9Ds1pjYAiTHdeU=\r\n-----END CERTIFICATE-----\r\n
          -----BEGIN CERTIFICATE-----
          \r\nMIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl\r\nMQswCQYDVQQGEwJV
          UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r\nd3cuZGlnaWNlcnQuY29tMSQ...
          WhsI6yLETcDbYz+70CjTVW0z9\r\nB5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWz
          wPDCv\r\nON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo\r\nIhNzbM8m9Yo
          p5w==\r\n-----END CERTIFICATE-----",
         "status": "Current",
         "type": "Client"
       },
       {
         "signingAuthority": "Genesys",
         "certificate": "-----BEGIN CERTIFICATE-----
         \nMIIFYTCCA0mgAwIBAgIRAJksgLAGZ8Mor/v3MOmYwA0wDQYJKoZIhvcNAQELBQAw\ngZUxCzAJBgNVBAYTAlVT
         MRAwDgYDVQQIDAdJbmRpYW5hMRUwEwYDVQQHDAx...
         GT5KD0ruJX5KfqTxxShjV1Thkk2dxcg2l8ZcZJu2v58T+Xy9/\nvQ435njK19evaXXoTum7cxHJjF2DislWkhPii
         fz/ID5/UP365Q==\n-----END CERTIFICATE-----\n\n",
         "status": "Current",
         "type": "Client"
        }
       ].,
         "pageSize": 20,
         "pageNumber": 1,
         "total": 2,
         "pageCount": 1
 }

An upcoming certificate is provided only for the DigiCert authority, and only if the current certificate has less than 90 days of validity remaining.

有关集成的详细信息，请参阅关于 Web 服务数据操作集成。