
This article describes how to connect the Nexus Smart ID Digital Access component (Hybrid Access Gateway) to Nexus Personal Messaging, which can either be installed on-premises or consumed as a service via Nexus GO Messaging. Personal Messaging is a web-based service for online authentication and signing using Nexus Smart ID Mobile App (Personal Mobile) or Nexus Personal Desktop with certificates.

For more information on the communication between Hybrid Access Gateway and Personal Messaging, see Architecture overview - Nexus Personal Messaging and Hybrid Access Gateway.

Prerequisites


The following prerequisites apply:

Step-by-step instructions

Log in to Hybrid Access Gateway administration interface

  1. Log in to the Hybrid Access Gateway administration interface with your admin user.


Only for Nexus GO Messaging: Request API key from Nexus

If you use Nexus GO Messaging, then you first need to request an API key from Nexus.

To request a Nexus GO Messaging API key:

  1. Find your Nexus GO Messaging callback URL:

    1. In the Hybrid Access Gateway administration interface, go to Manage System > Policy Services.

    2. Click Manage Global Policy Service Settings....
    3. Copy Personal Messaging Callback URL, and replace <access-point-public-host> with your DNS name.

      Default: Personal Messaging Callback URL

      https://<access-point-public-host>/https/api/rest/v3.0/personalmessaging


  2. Request an API key from Nexus by sending an email with the callback URL to Nexus support: support@nexusgroup.com.

    When you have received a reply, you can go on to the following tasks.


Connect Personal Messaging to Hybrid Access Gateway

To set up the connection to Personal Messaging:

  1. In the Hybrid Access Gateway administration interface, go to Manage System > Policy Services.
  2. Click Manage Global Policy Service Settings....
  3. Check Enable Provisioning.
  4. Enter the Provisioning Settings, which apply to all policy services. Click the ?-sign for more information.

    1. In Personal Messaging URL, enter a valid URL:

      1. For Personal Messaging on-premises, enter the URL as it has been configured in Personal Messaging.
        In this example, the default path is shown. If you have changed the path when you installed Personal Messaging, enter your configured path here. For more information, see Install Hermod:

        Example: Personal Messaging URL for Personal Messaging on-premises

        https://<personalmessaging-public-host>/hermod/rest/command


      2. For Nexus GO Messaging, enter the following URL:

        Example: Personal Messaging URL for Nexus GO Messaging

        https://messagingservice.go.nexusgroup.com/command


    2. In Image API URL, replace <access-point-public-host> with your DNS name.

    3. Enter an X API Key:
      1. For Personal Messaging on-premises, enter an API Key that has been generated in Personal Messaging. For more information on how to generate a key, see Add API user and callback URL in Hermod.
      2. For Nexus GO Messaging, enter the X API key as received from Nexus.
    4. If required, enter your own Attestation Key, which is used to sign provisioning responses.
      A default Attestation Key is stored, but you may be required to upload your own key, for example if you use the Nexus Personal Smart ID Mobile SDK.
    5. If you upgrade from version 5.12 or earlier of Hybrid Access Gateway, and already use Personal Mobile, you need to migrate these profiles to Nexus Personal Messaging (see Hybrid Digital Access Gateway component news). Enter a Messaging Service Public URL. This is the URL that the existing Personal Mobile profiles will be redirected to at the very first call after the migration. After that, the Personal Mobile profile stores the new URL and uses it for later calls.
      1. For Personal Messaging on-premises, enter the URL as it has been configured in Personal Messaging.
        In this example, the default path is shown. If you have changed the path when you installed Personal Messaging, enter your configured path here. For more information, see Install Hermod:

        Example: Messaging Service Public URL for Personal Messaging on-premises

        https://<personalmessaging-public-host>/hermod/rest/ms


      2. For Nexus GO Messaging: 

        Example: Messaging Service Public URL for Nexus GO Messaging

        https://messagingservice.go.nexusgroup.com/ms


      Note: This is supported from Nexus Smart ID Mobile App (Personal Mobile) version 3.10.


    6. For help on other input fields, click the ?-sign for more information.
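
A pre-flight check for the callback URL and the messaging URLs described above, as an added example that is not part of the original article or of any Nexus product. The setting names and the hosts access.example.com and pm.example.com are hypothetical, and the https and DNS-name checks are assumptions drawn from the example URLs on this page.

```python
import re
from urllib.parse import urlsplit

# Values taken from the page's Nexus GO Messaging examples.
GO_HOST = "messagingservice.go.nexusgroup.com"
GO_PATHS = {"personal_messaging_url": "/command",
            "messaging_service_public_url": "/ms"}
PLACEHOLDER = re.compile(r"<[^<>]+>")  # e.g. <access-point-public-host>
DNS_NAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def lint_settings(settings):
    """Return findings for a dict {setting name: URL}; an empty list is clean.

    The setting names are hypothetical labels for this example, not
    identifiers used by Hybrid Access Gateway.
    """
    findings, hosts = [], {}
    for name, raw in settings.items():
        url = raw.strip()  # pasted values often carry stray spaces
        if PLACEHOLDER.search(url):
            findings.append(f"{name}: placeholder not replaced")
            continue
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        hosts[name] = host
        if parts.scheme != "https":
            findings.append(f"{name}: scheme is not https")
        if not DNS_NAME.match(host):
            findings.append(f"{name}: host is not a DNS name")
        if host == GO_HOST and name in GO_PATHS and parts.path != GO_PATHS[name]:
            findings.append(f"{name}: expected path {GO_PATHS[name]}")
    # Both messaging URLs should target the same deployment (GO or on-premises).
    uses_go = {hosts[n] == GO_HOST for n in GO_PATHS if n in hosts}
    if len(uses_go) > 1:
        findings.append("messaging URLs mix Nexus GO Messaging and on-premises")
    return findings


# Constructed sample input for this example.
GOOD = {"callback_url": "https://access.example.com/https/api/rest/v3.0/personalmessaging",
        "personal_messaging_url": "https://messagingservice.go.nexusgroup.com/command",
        "messaging_service_public_url": "https://messagingservice.go.nexusgroup.com/ms "}
BAD = {"callback_url": "https://<access-point-public-host>/https/api/rest/v3.0/personalmessaging",
       "personal_messaging_url": "http://pm.example.com/hermod/rest/command",
       "messaging_service_public_url": "https://messagingservice.go.nexusgroup.com/ms/"}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, lint_settings(cfg) or "no findings")
```

On-premises paths are not checked because the article notes that the default /hermod path can be changed at installation.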


Enable Images

The Personal Mobile app must be able to receive images during the authentication process. For this, a publicly available web resource and the Image API must both be enabled.

Enable distribution-service web resource

To be able to receive images from the Distribution Service over the Access Point, the corresponding web resource must be enabled:

  1. In the Hybrid Access Gateway administration interface, go to Manage Resource Access.
  2. Select the registered distribution-service web resource.
  3. Click Edit Resource Host.
  4. Check Enable resource.
  5. Click Save.


Enable Image API

The Image API must be enabled:

  1. In the Hybrid Access Gateway administration interface, go to Manage System > Distribution Services.
  2. Select the registered Distribution Service.
  3. Check Enable Image API.
  4. Click Save.



Add CA certificate

To make Hybrid Access Gateway trust Personal Messaging, the Personal Messaging certificate authority (CA) must be added in Hybrid Access Gateway:

  1. Locate the CA certificate files:

    1. For on-premises installation of Personal Messaging, locate the SSL certificate that was used to set up Personal Messaging.

    2. For Nexus GO Messaging, download the following CA certificate file:

      Digicert intermediate CA: Digicert_SHA2_intermediate.cer

  2. Add the CA in Hybrid Access Gateway by uploading the CA certificate files. See the section Add certificate authority in Add certificates.