-
Notifications
You must be signed in to change notification settings - Fork 5
Integration Environment Set‐up Guidance
Details on the Integration environment can be found here:
https://digital.nhs.uk/services/path-to-live-environments/integration-environment
However, not all steps in the above guide apply to GP Connect. This document provides tailored guidance specifically for GP Connect onboarding. Follow the steps below to establish a successful connection to the Integration (INT) environment.
- You do not need to request test data from
testdata@nhs.net.- Test data is included within your Digital Onboarding Service Application.
- You do not need to request smartcards for GP Connect.
- You will require a Health and Social Care Network (HSCN) connection to access the GP Connect Integration environment.
Register your messaging product with Spine using the MPV registration form - https://digital.nhs.uk/services/path-to-live-environments/path-to-live-forms/manufacturer-product-version-registration-request
Complete the Form as Follows:
- Name
- Organisation
- Telephone Number
- Email Address
- Select Integration
- Manufacturing/Deployer Organisation
- Manufacturer/Developer Organisation ODS Code
- Product Name
- Version Name
Select the message sets applicable to the GP Connect capability being assured.
| Capability | Message Sets |
|---|---|
| Access Record: HTML | GPConnect-AccessRecordHTML-0 GPConnect-Foundations-1 |
| Access Document | GPConnect-Documents-1 GPConnect-Foundations-1 |
| Access Record: Structured | GPConnect-Foundations-1 GPConnect-StructuredRecord-1 |
Once completed, submit the request.
The request will be sent to Platform Support who will register your product. After confirmation, proceed to endpoint registration.
Use the Combined Endpoint and Service Registration Request form - https://digital.nhs.uk/services/path-to-live-environments/path-to-live-forms/combined-endpoint-and-service-registration-request
Provide the same:
- Name
- Organisation
- Contact details
used in the MPV registration.
Select:
- Create an Endpoint
- Select Integration
- Enter a Fully Qualified Domain Name (FQDN) using the format:
gpc-int-<ods-code>.<suppliername>.thirdparty.nhs.uk
Provide a certificate request with:
| Field | Requirement |
|---|---|
| Common Name (CN) | Must match the FQDN |
| Key Length | Minimum 2048 bits |
| Country Code | GB |
| Other Fields | Leave blank or default |
Before generating a Certificate Signing Request (CSR):
- Install the latest Root CA and Sub CA certificates.
- Download them from:
https://digital.nhs.uk/services/path-to-live-environments/integration-environment
- Ensure OpenSSL is installed.
Open Command Prompt and navigate to the desired folder:
Example:
cd C:\Users\johnsmith\DesktopReplace <FQDN> with your domain name:
openssl req -out <FQDN>.csr -new -newkey rsa:2048 -nodes -keyout <FQDN>.keyExample:
openssl req -out client.ncrs.nhs.uk.csr -new -newkey rsa:2048 -nodes -keyout client.ncrs.nhs.uk.keyExample output:
Generating a 2048 bit RSA private key
......................................................+++
..........+++
writing new private key to 'client.ncrs.nhs.uk.key'
-----
You will be prompted for certificate information.
Example:
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: <FQDN>
Email Address []:
For Common Name, enter the FQDN that the certificate will be issued for:
Example:
client.ncrs.nhs.uk
Press Enter when prompted:
A challenge password []:
An optional company name []:
| File | Description |
|---|---|
<FQDN>.csr |
CSR file to submit with registration forms |
<FQDN>.key |
Private key (keep secure) |
client.ncrs.nhs.uk.csr
client.ncrs.nhs.uk.key
Important: Never share the private key externally.
Select:
- CMA Endpoint
Provide:
- Recipient ODS Code
- Recipient ODS Organisation Name
- Manufacturer/Deployer ODS Code
- Manufacturer Product
- Manufacturer Product Version
For INT testing, the recipient ODS code can be:
- The manufacturer ODS code, or
- An ODS code of a future deployment site.
Not applicable. Leave blank.
Not applicable. Leave blank.
After submission, endpoint details are typically provided within 3–5 working days.
The Authority Service Names (ASN) document provides current URLs, IP addresses and ports:
https://digital.nhs.uk/services/path-to-live-environments/integration-environment
| Description | URL | IP Address | Port |
|---|---|---|---|
| GP Connect SSP Proxy | https://proxy.int.spine2.ncrs.nhs.uk/[provider service root url]/[fhir request] | 10.239.14.31 | TCP 443 |
| SDS FHIR API | https://int.api.service.nhs.uk/spine-directory/FHIR/R4 | See ASN document | See ASN document |
| PDS FHIR API | https://int.api.service.nhs.uk/personal-demographics/FHIR/R4/ | See ASN document | See ASN document |
In addition to ASN requirements, allow access to:
| Setting | Value |
|---|---|
| Subnet | 10.239.14.0/24 |
| Ports |
443, 636
|
| Direction | Inbound and Outbound |
To establish trust with the Integration environment:
- Copy the required Root CA or Sub CA certificate.
- Paste into a text file.
- Save locally.
- Rename the extension from
.txtto.der. - Import into the local certificate store.
| Certificate | Store |
|---|---|
| Root CA | Trusted Root Certification Authorities |
| Sub CA | Intermediate Certification Authorities |
Refer to your software supplier documentation for application-specific certificate installation steps.
You will need:
end_point_certificate.crtsubCA.crtrootCA.crtprivate_key.txt
Important: All certificates must be G2 certificates.
Combine certificates in the following order:
end_point_certificate.crtsubCA.crtrootCA.crt
Save as:
my_cert_chain.txt
cat end_point_certificate.crt subCA.crt rootCA.crt > my_cert_chain.txtUsing OpenSSL and:
my_cert_chain.txtprivate_key.txt
You will be prompted to create an export password.
openssl pkcs12 -export -inkey private_key.txt -in my_cert_chain.txt -out my_pkcs12.pkcs12Output:
my_pkcs12.pkcs12
openssl pkcs12 -export -inkey private_key.txt -in my_cert_chain.txt -out my_pfx.pfxOutput:
my_pfx.pfx
| File | Description |
|---|---|
my_pkcs12.pkcs12 |
PKCS#12 certificate bundle |
my_pfx.pfx |
PFX certificate bundle |
As part of GP Connect testing, your solution must demonstrate interaction with:
- PDS
- SDS
- SSP
If onboarding for:
- Spine Mini Service Provider (SMSP)
- PDS
- PDS FHIR API
then your endpoint may already be registered.
If:
- Using a third-party provider, or
- PDS assurance has not yet been completed,
contact the Assurance Team to request PDS interactions in INT.
- Navigate to Environment Access in the Environment Access & Onboarding section.
- Select Add New Application.
- Choose Integration Test as the environment.
- Assign an Application Owner.
- Enter an Application Name.
- Review all details and select Create Application.
- Open the application.
- Select Add APIs.
- Enable:
Spine Directory Service (Integration Testing)
This enables SDS FHIR API access for integration testing.