About XGate 5 Secure Channel
DriverMate supports the XGate5 XPDP Secure channel, which is similar to the standard XGate5 XPDP channel except it has enhanced security based on SSL certificates.
The XGate5 XPDP Secure channel has the following features:
- Requires extra configuration and setup over the regular XPDP channel. With this channel type, the message payload, GPS, and Application ID of real time messages are encrypted. All messages are encrypted; there is no option to individually encrypt messages as there is with the regular XPDP channel.
- Uses 256 bit AES encryption where the keys are randomly generated by the client and sent to the server via a key exchange protocol using asymmetric RSA encryption based on SSL certificates. XGate requires a certificate in order to identify itself to the mobile app and encrypt the key. A self-signed certificate is sufficient; however, the mobile application must be configured with knowledge of the certificate in order to verify that it is communicating with a valid XGate5 service.
Note: For security reasons, the SSL certificate used by
XGate
should be periodically changed, typically,
once every year.
A digital certificate must be installed on the XGate Server to encrypt the data that is transmitted between XGate and DriverMate. The certificate thumbprint is required for the DriverMate configuration file.
Certificates can be acquired through the following options:
- Purchase from Certificate Authorities (CAs) or domain name registrars such as GoDaddy.
- Generate a self-signed certificate through XGate5.
- Generate self-signed certificates using Microsoft Internet Information Services (IIS).
- Create certificate using PowerShell. This option is applicable only with Windows Server 2012 or later.
The main benefit of self-signed certificates is that they are free. Certificates from Certification Authorities usually require a fee.