Fibre Ordering

Security Setup Information

Network Security

To enable messages to be exchanged between our network and yours, the external firewalls on both networks have to be configured to allow incoming and outgoing messages between our B2B gateways.

You need to provide us with all the static public IP address(es) and port number(s), which you will use to initiate and receive messages, and the URL endpoints of your B2B, so that we can allow them on our network.

Our public IP addresses, port, and URL endpoints, which you need to allow, are shown in the following tables.

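Public IP Address Range   Port   Environment
103.27.216.56   443   Emulation & Production
103.27.216.57   443   Emulation & Production
103.27.216.58   443   Emulation & Production
103.27.216.59   443   Emulation & Production
103.27.216.60   443   Emulation & Production
103.27.216.61   443   Emulation & Production
103.27.216.62   443   Emulation & Production

URL End Point   Environment
https://emma-b2b-ws.chorus.co.nz/b2b   Emulation
https://b2b-ws.chorus.co.nz/b2b   Production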

Transport Layer Security

We use X.509/TLS 1.2 to encrypt messages over HTTP (HTTPS). To set this up in your B2B, you need to retrieve our certificates from our URL endpoints. This needs to be done for both emulation and production.

We will retrieve your TLS certificates from your URL endpoints.


Web Services Security

The web services validate the SOAP header elements to ensure that messages are signed using WS-Security and that the message diagnostic header (MDH) elements identify the sender.

Message signing works as follows:

  • Messages you send to us must be signed using your X.509 private key. We will use your public key certificate to verify them.
  • Messages we send to you will be signed using our X.509 private key. You will use our public key certificate to verify them.

To set this up, we will send you our public key certificates for both production and emulation, and you need to send us your public key certificates.

The certificates must meet X.509 standards, and we request that you provide them in the PEM file format. You may use Certificate Authority (CA) issued or self-signed certificates. If you use:

  • CA-issued certificates, you need to provide us with the chain certificates (root and intermediate) in addition to your owner certificate.
  • Self-signed certificates, and require help generating them, see Generate Self Signed Certificates. This page provides instructions for creating the certificates and the mandatory fields.

To securely deliver your public key certificates to us, we recommend they are exchanged on physical media like a USB flash drive, or by email in a password-protected zip file.
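A pre-send check for the PEM file described above, as an added example that is not part of the original page or Chorus tooling: it confirms the file holds only certificate blocks (no private key) and prints a SHA-256 fingerprint per certificate so both parties can confirm they hold the same files. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def inspect_pem_bundle(pem_text):
    """Return the SHA-256 fingerprint of every CERTIFICATE block, in file order.

    Raises ValueError if the file holds a private key, any other non-certificate
    block, invalid base64, or no certificate at all.
    """
    fingerprints = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if "PRIVATE KEY" in label:
            raise ValueError(f"{label} block found: never send this file")
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        fingerprints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    if not fingerprints:
        raise ValueError("no CERTIFICATE block found")
    return fingerprints


def make_pem(label, payload):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


# Constructed sample data: stand-in bytes, not real certificates or keys.
OWNER = make_pem("CERTIFICATE", b"constructed owner certificate DER")
INTERMEDIATE = make_pem("CERTIFICATE", b"constructed intermediate CA DER")
ROOT = make_pem("CERTIFICATE", b"constructed root CA DER")
LEAKED_KEY = make_pem("PRIVATE KEY", b"constructed private key DER")

if __name__ == "__main__":
    for fp in inspect_pem_bundle(OWNER + INTERMEDIATE + ROOT):
        print(fp)
    try:
        inspect_pem_bundle(OWNER + LEAKED_KEY)
    except ValueError as err:
        print("rejected:", err)
```

For a real file, pass its text to `inspect_pem_bundle()`; a CA-issued bundle should yield one fingerprint each for the owner, intermediate and root certificates.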

The Web Services Security - Message Diagnostic Header page describes the values required in the MDH elements.


Validate Security Setup

To validate that the messaging is secure and encrypted, submit a request to one of our web services (e.g. Query Location). You should receive a response back from us.