We’ve Boosted! What this means for you

From 16 June 2025, we’ve upgraded our Home Fibre plans. These changes are now live, but while some documents on this site may still reference the old plan names, rest assured, the new speeds apply. Find out more.

Close
Feedback

Clean fibre-passed address September 2019

Raw fibre-passed address October 2019 data

Raw fibre-passed address September 2019 data

Fibre passed statement of accuracy August 2019 data

Clean fibre-passed address August 2019 data

Raw fibre-passed address August 2019 data

Fibre Ordering

Chorus Portal Customer List

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Web services
  5. Chorus Portal Customer List
Back

Chorus Portal Customer List

The following table provides a list of the Chorus customers.

The Chorus system name column lists the values required in the existingProviderName field if you are transferring or replacing another customers product.

Fibre Ordering

Our Emulation Environment - EMMA

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Our Emulation Environment - EMMA
Back

Our Emulation Environment - EMMA

Fibre Ordering

Generate a Self-Signed Certificate

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Generate a Self-Signed Certificate
Back

The steps below describe how to install OpenSSL and generate a self-signed certificate.

Install OpenSSL

Use the following steps to install OpenSSL on your local machine.

Step Action
1 Download openssl-0.9.8h-1-setup from http://downloads.sourceforge.net/gnuwin32/openssl-0.9.8h-1-setup.exe.
2

Navigate to your download folder, double-click openssl-0.9.8h-1-setup.exe.

Result: the Welcome to the OpenSSL Setup Wizard is displayed.
3

Click Next.

Result: the Licence Agreement screen is displayed.
4

Click Next.

Result: the Select Desination Location screen is displayed.
5

The default install folder is: C:\Program Files (x86)\GnuWin32

Click Next.

Result: the Select Components screen is displayed.
6

Select Compact installation.

Click Next.

Result: the Select Start Menu Folder is displayed.
7

Click Next.

Result: the Select Additional Tasks screen is displayed.
8

Click Next.

Result: the Ready to Install screen is displayed.
9

Click Install.

Result: OpenSSL is installed.

Add OpenSSL Environment Variables

Step Action
1

Follow the menu Start > Control Panel > System

Click Advance system settings

Result: the System Properties screen is displayed.
2 Click Advanced tab
3

Click Environment Vairables

Result: the Environment Variables screen is displayed.
4

Under System variables

Select the Path variable
Click Edit


Add the Path to the OPENSSL bin directory, e.g.:

Field What to enter
Variable value: C:\Program Files (x86)\GnuWin32\bin

Click OK
5

Under System variables

Select New
Add a variable for the openssl.cnf file, e.g.:

Field What to enter
Variable name: OPENSSL_CONF
Variable value: C:\Program Files (x86)\GnuWin32\share\openssl.cnf

Click OK

Click OK to close the System Properties screen.

Generate the Certificate

Use the following steps to generate your certificate and private key.

Step Action
1

Open a command prompt.

Change directory to where you would like to save the certificate.
2

Note: the following command uses "key.pem" as the Private Key name, "certificate.pem" as the Certificate name and creates a certificate for one year. You may choose your own values.

Run the command openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout key.pem -out certificate.pem

Result: the following message is displayed.

Loading 'screen' into random state - done Generating a 2048 bit RSA private key .........+++ ...................................................+++ writing new private key to 'secret.pem'
Enter PEM pass phrase:
3
Question What to enter
Enter PEM pass phrase: Enter a password to be associated with your Private Key.
Note: it's recommended that you use different passwords for test and Production.
Verifying - Enter PEM pass phase: Retype the password.

Result: the following message is displayed.

----- You are about to be asked to enter information that will be incorporated into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank For some fields there will be a default value,
If you enter '.', the field will be left blank. 
4
Question Cardinality Example value
Country Name (2 letter code) [AU]: Optional  NZ
State or Province Name (full name) [Some-State]: Optional  WLG
Locality Name (eg, city) []: Optional  Wellington
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Optional  Test RSP Ltd
Organizational Unit Name (eg, section) []: Mandatory Support
Common Name (eg, YOUR name) []: Mandatory Test RSP
Email Address []: Optional  Tester@TestRSP.co.nz

Result: the certificate and private key are created in the current directory.

Verify the Certificate

Use the following steps to verify that your certificate has been created successfully.

Action

Open a command prompt.

Change to the directory where you generated the certificate.

Note: the following command uses "certificate.pem" as the Certificate name.

Run the command
openssl x509 -in certificate.pem -text -noout

Result: the certificate details are displayed. The following output was generated by a certificate created using the example values listed in step 4 above. The extensions are created as a default by OpenSSL 0.9.8h and are not mandatory. 

Certificate:

Data:
Version: 3 (0x2)
Serial Number:
ca:73:2f:16:17:58:8e:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=NZ, ST=WLG, L=Wellington, O=Test RSP Ltd, OU=Support, CN=Test
RSP/emailAddress=Tester@TestRSP.co.nz
Validity
Not Before: Sep 16 01:55:06 2015 GMT
Not After : Sep 15 01:55:06 2016 GMT
Subject: C=NZ, ST=WLG, L=Wellington, O=Test RSP Ltd, OU=Support, CN=Test
RSP/emailAddress=Tester@TestRSP.co.nz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:e9:4b:e7:ba:fc:27:ea:83:0a:af:63:cf:d8:fa:
b6:9d:16:20:5e:9b:2c:c2:84:c8:87:98:e7:18:3a:
45:5a:a5:e3:e6:64:2a:c2:cb:17:f9:5b:3b:21:79:
48:f2:c9:19:02:9f:23:c1:46:15:63:5b:1e:55:ce:
db:de:1a:8e:94:0a:64:39:38:c0:9d:3e:7b:65:59:
af:2d:51:75:90:43:3e:19:2a:d0:6c:0a:0d:d1:1b:
d5:24:07:0c:35:b3:51:15:bf:45:8b:70:30:fe:87:
e7:a7:a6:af:d3:38:17:31:97:80:b2:26:49:78:b4:
0c:58:9d:ce:ee:f0:e6:54:d2:76:54:9d:57:56:d9:
5f:d5:bf:3b:a5:73:cc:7c:75:23:ef:07:8f:80:5a:
8b:1a:cc:b0:56:35:59:c4:4f:f2:c2:bd:85:12:5f:
1a:0e:df:08:ba:24:62:9c:f4:e3:53:04:03:36:18:
17:2d:06:7f:33:37:d0:ee:6a:b5:b7:34:0f:77:42:
83:93:95:e8:68:88:f0:f2:32:6b:51:9e:15:74:f8:
10:5b:f3:a3:6d:d6:35:a0:91:e0:23:96:40:fb:d8:
40:18:db:6e:07:2e:cb:ca:06:a8:f2:9f:9b:6c:9f:
b9:47:d3:2f:2f:27:02:a2:ff:1e:97:0c:57:a1:1e:
b6:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:48:2D:69:DA:7A:EC:13:3E:F4:0E:B4:BD:77:2A:BF:28:45:31:99
X509v3 Authority Key Identifier:
keyid:54:48:2D:69:DA:7A:EC:13:3E:F4:0E:B4:BD:77:2A:BF:28:45:31:9
9
DirName:/C=NZ/ST=WLG/L=Wellington/O=Test RSP Ltd/OU=Support/CN=T
est RSP/emailAddress=Tester@TestRSP.co.nz
serial:CA:73:2F:16:17:58:8E:BD

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
0c:8f:bd:f7:eb:5a:0e:46:a1:31:6a:ef:20:a9:b1:e7:7b:9c:
4b:20:e2:63:ea:57:8a:91:40:b3:bc:c0:28:dc:01:83:e1:bb:
31:c7:91:ed:ef:d8:e2:c6:2a:dd:63:59:34:ff:5c:ba:cd:64:
11:a2:68:29:21:aa:28:b2:da:c5:59:e6:4e:7b:49:22:bf:b5:
db:97:21:e7:a0:37:9f:b9:8c:50:37:58:34:15:ec:8e:f8:16:
c1:3b:5b:15:b1:a9:fe:89:8f:73:76:33:dc:e9:65:b5:12:ec:
4c:45:7f:f3:28:fd:ac:91:aa:b6:1b:d0:4f:74:91:2c:0f:5e:
d2:b6:de:81:2e:2e:5a:dd:cd:df:49:2a:62:15:ef:9f:6d:c1:
6a:b3:31:61:8e:bf:6c:5c:43:e9:e9:05:dd:9c:88:77:f3:b4:
d4:56:27:2a:5c:e4:b0:2b:d7:14:b5:65:dd:0c:58:fd:b0:f5:
ba:ae:fb:87:19:c4:d1:4e:1e:43:cd:5e:0c:83:29:4f:22:22:
dd:f7:2f:a4:f4:f4:48:21:16:59:d2:da:09:ed:5b:ce:78:a3:
ca:08:8f:95:2c:29:ce:87:2a:e5:6b:c6:a6:63:85:ce:ef:01:
63:c6:d1:50:d2:44:1c:fb:51:48:97:60:1b:36:6e:61:82:1a:
7e:4b:c2:35

Where to Next?

Send the certificate to your Implementation Manager for uploading into the Chorus B2B.

Fibre Ordering

Security Setup Information

Getting Started Architecture Processes Web services Help & support FAQs
  1. Tools
  2. Fibre Ordering
  3. B2B
  4. Architecture
  5. Security Setup Information
Back

Network Security

To enable messages to be exchanged between our network and yours, the external firewalls on both networks have to be configured to allow incoming and outgoing messages between our B2B gateways.

You need to provide us with all the static public IP address(es) and port number(s), which you will use to initiate and receive messages, and the URL endpoints of your B2B, so that we can allow them on our network.

Our public IP addresses, port, and URL endpoints, which you need to allow, are shown in the following tables.

Public IP Address Range Port Environment
  • 103.27.216.56
  • 103.27.216.57
  • 103.27.216.58
  • 103.27.216.59
  • 103.27.216.60
  • 103.27.216.61
  • 103.27.216.62
 443 Emulation & Production
URL End Point   Environment
https://emma-b2b-ws.chorus.co.nz/b2b   Emulation
https://b2b-ws.chorus.co.nz/b2b   Production

Transport Layer Security

We use X.509/TLS 1.2 to encrypt the message over HTTP (HTTPS), to set this up in your B2B you need to access our certificates from our URL endpoints. This needs to be done for both emulation and production.

We will retrieve your TLS certificates from your URL endpoints.

Web Services Security

The web services validate the SOAP header elements to ensure that messages are signed using security encryption (WS-Security) and that the message diagnostic header elements (MDH) identify the sender. 

Message encryption works as follows:

  • Messages you send to us must be signed using your X.509 private key. We will use your public key certificate to verify them.
  • Messages we send to you will be signed using our X.509 private key. You will use our public key certificate to verify them.

To set this up we will send you our public key certificates for both production and emulation. And you need to send us your public key certificates.

The certificates must meet x509 standards and we request that you provide them in the PEM file format. You may use Certificate Authority (CA) issued, or self-signed certificates. If you use:

  • CA Issued certificates, you need to provide us with the chain certificates (root and intermediate) in addition to your owner certificate.
  • Self-signed certificates, and require help generating them, see Generate Self Signed Certificates. This page provides instructions for creating the certificates and the mandatory fields. 

To securely deliver your public key certificates to us, we recommend they are exchanged on physical media like a USB flash drive or by email in a password protected zip file.

The Web Services Security - Message Diagnostic Header page describes the values required in the MDH elements.

Validate Security Setup

To validate the messaging is secure and encrypted, submit a request to one of our web services (e.g. Query Location) and you should receive a response back from us.

Subscribe to