Certificate and Internet Requirements in K2
Carefully read this section to determine where and when you need K2 web sites and endpoints to be signed by a valid certificate and available on the internet.
Using a Certificate
K2 recommends using a certificate issued by a Certification Authority (CA) that is trusted by Windows, and that the same certificate is used for all K2 web sites and endpoints.
Keep in mind, however, that K2 generates and uses a self-signed certificate for web sites selected during installation that do not already have certificates.
SharePoint Online requires that the certificate associated with SharePoint remote event receiver endpoint in K2 (https://{K2WebSite}/SP15EventService/RemoteEventService.svc) be issued by a CA that is trusted by Windows.
You must be aware of your requirements when choosing an SSL certificate. For example, a single wildcard certificate for *.domain.com, works for the following domains:
- runtime.domain.com
- designer.domain.com
- apps.domain.com
However, because the wildcard certificate only covers one level of sub-domains, the following domains are not valid for the *.domain.com certificate:
- data.runtime.domain.com
- forms.designer.domain.com
- app-123356.apps.domain.com
Exposing K2 Sites on the Internet
The K2 web sites and SharePoint remote event receiver endpoints may need to be accessible on the internet depending on your scenario.
- User Browser (Intranet Only): K2 web sites do not need to be internet-accessible when accessing those sites from within the company intranet or via VPN.
- User Browser (Remote Access): K2 web sites do need to be internet-accessible when accessing these sites from outside the company intranet or VPN.
- SharePoint Online Remote Event Receivers: The SharePoint remote event receiver endpoint in K2 (https://{K2WebSite}/SP15EventService/RemoteEventService.svc) must be internet-accessible when building event-based processes for SharePoint Online.