This thread contains a (unanswered) question about how to secure a webservice with a SSL certificate. I understand that by using a certificate, the webservice will be encrypted and extra security is added. I don't understand why this has to be SSL, are there alternatives? This (dutch) organization delivers the certificates and the page explains how the certificate can be loaded in the webserver. There is no need to share a client-certificate with the clients after loading the server-certificate. I don't understand how encryption is possible when there is no certificate-shake between the server and the client. Is there more background information about how to secure a IIS webserver/mendix webserver with a certificate and is there a recommandatation for the right certificate?
To anser my own question, I followed this blogpost after consulting Mendix. The webserver (IIS) now has an SSL certificatie on port 443. IIS only allows traffic on this port, so all call to the App are secure and encrypted.