Configure SSL/TLS for Integration Host on AWS


1. A deployment of Integration Host Server running on Amazon Web Services as an EC2 Instance. Check out our guide on deploying to AWS.
2. A domain name you own.



1. Navigate to the AWS Certificate Manager and request a public certificate.
2. Enter your domain name, if you don't currently have one you can purchase one through AWS Route 53 for fairly cheap.
3. Choose your validation method, if you have access to the configuration for your domain definitely choose DNS Validation as email validation can take a few hours to process.
4. For DNS Validation, simply create a CNAME Record with the provided name and value in your domain's configuration. Certificate Manager Settings


Load Balancer Settings

1. Navigate to the Elastic Beanstalk environment for your deployment of Integration Host.
2. Go to the configuration and scroll down to 'Load balancer', click edit.
3. Add a new listener on port 243 with protocol 'HTTPS'
4. Select the certificate you requested in step 1 from the SSL certificate drop down and choose the ELBSecurityPolicy-2016-08. Click add.
5. Click apply at the bottom of the page and wait for your environment to reboot.





This process will be vary depending on where your domain is hosted. The following steps are for a domain inside of Amazon's Route 53 but should be similar for all hosting services.

1. Enter the configuration for your domain inside of Route 53 by navigating to Hosted Zones > Your Domain Name
2. Click 'Create Record' and add a new 'A' record with the value being the url of your environment's load balancer.



1. Install and launch the latest version of Integration Host.
2. Enter your license number.
3. Click the HL7 Soup icon in the top left to open the settings, click on the Server tab and change the url to https://yourdomainhere.com. Make sure you are using the url of the domain name you own and NOT the url of your Elastic Beanstalk environment. Finally click Test Connection to check it all works!
4. It is important to note that AWS load balancing does NOT currently support mutual TLS authentication. You will not be able to use a client certificate to verify who you are to the server. Instead we suggest you use inbound rules on your load balancer's security group to limit the IPs it will accept traffic from. Server URL in Integration Host

Download HL7 Soup and Integration Host from our downloads page.

Return to Tutorials Directory