How to Enable SSL with Board 12 Web Server (HTML 5)

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL is a security protocol that creates an encrypted link between a web server and a web browser.

BOARD administrators will need to add SSL certificates to their websites during installation, to secure online transactions and keep customer information private and secure.

To enable SSL on BOARD 12 Web Server, please follow the steps below:

1) Install your Certificate

The first step in enabling SSL is the installation of a Standard Server SSL Certificate. Warning: If you are importing an SSL Certificate through the Windows wizard, choose the Windows default location, usually the User's “Personal Store” of the “Local Machine” option.

Open the Certificate Manager (in Windows 8 or later, you can search for “Certificate”) and check that the SSL Certificate is visible in the Local Computer's Personal certificate store.

2) Save the "Thumbprint" of your Certificate

The Thumbprint is the hash of your SSL Certificate; the NETSH command uses this hash to identify which SSL Certificate you want to associate with the communication port.

2.1 Open the Certificate Manager (already opened in the previous step) and double-click your SSL Certificate to view its attributes.


2.2 Select the “Details” Tab, and scroll down to the “Thumbprint” Element.


2.3 Copy the Hash Value


2.4 Save the hash string, removing the spaces between the characters (you will need it later on)

3) Use NETSH Command to bind the SSL Certificate to the Port Number

To bind the SSL certificate, we need to generate a valid appid for the webAPI engine.
The appid is a GUID; this web-based version of the Create GUID tool in Visual Studio can generate one: https://www.guidgen.com/

3.1 Copy the generated appid from the web page.
3.2 Now run the following commands:

This command binds the Port Number to the URL:

C:\> netsh http add urlacl url=https://servername.mydomain.com:443/ user=Everyone

This command binds the Port Number to the SSL Certificate:

C:\> netsh http add sslcert ipport=0.0.0.0:443 certhash=8742xxxxxxxxxxxxxxxxxxxxxxxxxxxxx7c appid={xxxxxxxxxxxx-9499-4eb7-xxxx-25c09cabb7xxx}

Note: The certhash value is the SSL Certificate's hash that you saved as a string in the previous step.

Note: The appid value is the Application ID that you obtained as a string from the Guidgen website.

Note: If you are using a wildcard certificate, the URL parameter in the first command will be:

URL=https://*.mydomain.com:443/

4) Configure Board Web to Run on Port 443

4.1 Edit the file BoardWebAPIEngine.exe.config, by default located in C:\Program Files (x86)\Board\Board WebApi Server\App_Data\config\appSettings.config

4.2 Edit the Key "host" to enable https on port 443 and set the Host Name bound with the SSL Certificate.

The hostname must match the URL parameter of the NETSH command that you executed previously.

5) Restart the Board Web API Engine Service

If you have SSL enabled on the BOARD server config, in the Security Tab, then:

- Edit the BOARD ServerConfig file to enable the key "useSSL" with value="true" (<add key="useSSL" value="true" />)

- Check that the value of the key "boardEngine" is the fully qualified name as defined in the certificate (<add key="boardEngine" value="myserver.mydomain.com" />)
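
The checks behind steps 1 to 4, as an added PowerShell example (not Board's own tooling): it normalizes the copied thumbprint, confirms the certificate is usable from the Local Machine Personal store, and prints the two netsh commands for review instead of running them. It generates the appid locally with [guid]::NewGuid() rather than on the Guidgen website; the sample thumbprint is constructed and servername.mydomain.com is the page's placeholder host name.

```powershell
# Added example, not Board's own tooling. Run in an elevated PowerShell session.
param(
    # Constructed sample value, as pasted from the certificate "Details" tab:
    # spaces between bytes plus an invisible U+200E mark at the front.
    [string]$Thumbprint = "$([char]0x200E)a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4",
    [string]$HostName   = 'servername.mydomain.com',   # host used in the urlacl URL
    [int]$Port          = 443
)

# Step 2.4: keep hex digits only, which drops spaces and hidden characters.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash -notmatch '^[0-9A-F]{40}$') {
    throw "Expected a 40-digit SHA-1 thumbprint, got $($hash.Length) hex digits."
}

# Step 1: the certificate must be in the Local Machine "Personal" (My) store.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $hash in Cert:\LocalMachine\My."
    return
}
if (-not $cert.HasPrivateKey) {
    Write-Warning 'Certificate has no private key; it cannot be used for a server binding.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)."
}

# Step 4: the host name must be covered by a DNS name in the certificate.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
if (-not ($names | Where-Object { $HostName -like $_ })) {
    Write-Warning "$HostName is not covered by: $($names -join ', ')"
}

# Step 3: generate the appid locally, in the braced form netsh expects.
$appId = [guid]::NewGuid().ToString('B')

# Print the two commands from step 3.2 for review; run them from an elevated prompt.
"netsh http add urlacl url=https://${HostName}:$Port/ user=Everyone"
"netsh http add sslcert ipport=0.0.0.0:$Port certhash=$hash appid=$appId"
```

With the constructed sample thumbprint the script stops at the store lookup with a warning; pass your own values with -Thumbprint and -HostName.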

Troubleshooting

If the browser is not able to connect on port 443 verify that the port is correctly bound using this command:

netsh http show sslcert

The result must include the following lines:

IP:port : 0.0.0.0:443

Certificate Hash : <your certificate hash>

Application ID : <your application ID>

If port 443 is not present in the result, execute the following commands:

netsh http del sslcert ipport=0.0.0.0:port
netsh http add sslcert ipport=0.0.0.0:port certhash=<your Hash> appid={your ID}