Configure SSL/TLS for Integration Host on AWS

Learn to configure SSL/TLS using AWS Load Balancers for your cloud deployment of HL7 Soup Integration Host
This guide requires you to have:

1. A deployment of Integration Host Server running on Amazon Web Services as an EC2 Instance. Check out our guide on deploying to AWS.
2. A domain name you own.


Step 1: Request a Certificate From AWS Certificate Manager

1. Navigate to the AWS Certificate Manager and request a public certificate.
2. Enter your domain name, if you don't currently have one you can purchase one through AWS Route 53 for fairly cheap.
3. Choose your validation method, if you have access to the configuration for your domain definitely choose DNS Validation as email validation can take a few hours to process.
4. For DNS Validation, simply create a CNAME Record with the provided name and value in your domain's configuration. Certificate Manager Settings


Load Balancer Settings Step 2: Configure Your Load Balancer

1. Navigate to the Elastic Beanstalk environment for your deployment of Integration Host.
2. Go to the configuration and scroll down to 'Load balancer', click edit.
3. Add a new listener on port 243 with protocol 'HTTPS'
4. Select the certificate you requested in step 1 from the SSL certificate drop down and choose the ELBSecurityPolicy-2016-08. Click add.
5. Click apply at the bottom of the page and wait for your environment to reboot.





Step 3: Create an A Reference From Your Domain to Your Load Balancer

This process will be vary depending on where your domain is hosted. The following steps are for a domain inside of Amazon's Route 53 but should be similar for all hosting services.

1. Enter the configuration for your domain inside of Route 53 by navigating to Hosted Zones > Your Domain Name
2. Click 'Create Record' and add a new 'A' record with the value being the url of your environment's load balancer.


Step 4: Test your Deployment

1. Install and launch the latest version of Integration Host.
2. Enter your license number.
3. Click the HL7 Soup icon in the top left to open the settings, click on the Server tab and change the url to https://yourdomainhere.com. Make sure you are using the url of the domain name you own and NOT the url of your Elastic Beanstalk environment. Finally click Test Connection to check it all works!
4. It is important to note that AWS load balancing does NOT currently support mutual TLS authentication. You will not be able to use a client certificate to verify who you are to the server. Instead we suggest you use inbound rules on your load balancer's security group to limit the IPs it will accept traffic from. Server URL in Integration Host

Helpful Links

Download HL7 Soup and Integration Host from our downloads page.

Return to Tutorials Directory

What's happening, and what is planned?

  • Version 3.6

    Posted by Jason Bolstad 11th Apr 2023

    Grab your copy of Version 3.6 now! Open large HL7 files super fast. Use Statistics to compare values across all of your messages. Check it out here.

  • Version 3.5 Released

    Posted by Jason Bolstad 2nd Sep 2022

    Version 3.5 is ready for download. Improved performance using less memory. New apps for Azure and AWS, and Docker containers. Review all the new features here.
More Info

Key Features

More Info

Integrate Systems

  • Integrate

    What makes your integrations easier and more profitable than ever?

  • Communicate

    How can a message designed for computers be shared with real people?

  • Educate

    Understanding an HL7 message is quest, and time is your enemy...

More Info