How to enable SSL with Board 10 Web Server (HTML 5)

Document created by ggallo (Employee) on Jun 29, 2017. Last modified by ggallo (Employee) on Jul 20, 2017. Version 6.

If you need to enable SSL on BOARD 10 Web Server, please execute the following steps:

 

1) Install your Certificate
The first step for enabling SSL is the installation of a Standard Server SSL Certificate.

Warning: If you are importing an SSL certificate through the Windows wizard, choose the Windows default location, usually the “Personal Store” of the “Local Machine” option:

(see below)

 

Open the Certificate Manager (in Windows 8 or later OSs, you can search for “Certificate”) and check that the SSL certificate is visible in the Local Computer's Personal certificate store:

(see below)

 

 

2) Save the “Thumbprint” of your certificate

The thumbprint is the hash of your SSL certificate; the NETSH command uses this hash to identify which SSL certificate to associate with the communication port.

 

2.1 Open the Certificate Manager (the one already opened and identified in the above screenshot) and double click on your SSL Certificate to view its attributes.

(see below)

 

 

2.2 Select the “Details” Tab, and scroll down to the “Thumbprint” Element.

2.3 Copy the Hash Value

2.4 Save the hash string, removing the spaces between the characters (you will need this later on)

 

3) Use NETSH Command to bind the SSL Certificate to the Port Number

To bind the SSL certificate we need to generate a valid appid for the Web API engine.

This is a web-based version of Microsoft's GuidGen tool to generate GUIDs: https://www.guidgen.com/

 

3.1 Copy the generated appid from the web page.

3.2 Now run the following commands:

 

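This command reserves the URL, including the port number, for the specified user (user=Everyone lets any account listen on it; the account that runs the Board Web API Engine service can be named instead):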

C:\> netsh http add urlacl url=https://servername.mydomain.com:443/ user=Everyone


This command binds the port number to the SSL certificate:

C:\> netsh http add sslcert ipport=0.0.0.0:443 certhash=8742xxxxxxxxxxxxxxxxxxxxxxxxxxxxx7c appid={xxxxxxxxxxxx-9499-4eb7-xxxx-25c09cabb7xxx}

 

Note: The certhash value (shown in red) is the SSL certificate's hash that you saved as a string in the previous step.

Note: The appid value (shown in blue) is the application ID that you obtained as a string from the GuidGen website.

Note: If you are using a wildcard certificate, the url parameter in the first command will be:

url=https://*.mydomain.com:443/

 

4) Configure Board Web to run on port 443

4.1 Edit the file BoardWebAPIEngine.exe.config, by default located in C:\Program Files (x86)\Board\Board WebApi Server\App_Data\config\appSettings.config

4.2 Edit the key "host" to enable https on port 443 and set the host name bound to the SSL certificate.

The host name must match the url parameter of the NETSH command that you executed previously.

(see below)

 

<appSettings>
    <add key="host" value="https://servername.mydomain.com:443/" />
    <add key="boardEngine" value="localhost" />
    <add key="port" value="9700" />
</appSettings>

 

5) Restart the Board Web Api Engine Service

If you have SSL enabled on the BOARD server config, in the Security Tab (see below), then:

 

 

- Edit the BOARD ServerConfig file to enable the key "useSSL" with value="true" (<add key="useSSL" value="true" />)

- Check that the value for the key "boardEngine" is a fully qualified name as defined in the certificate (<add key="boardEngine" value="myserver.mydomain.com" />)

Troubleshooting

If the browser is not able to connect on port 443, verify that the port is correctly bound using this command:

netsh http show sslcert

 

The result must include the following lines:

IP:port                           : 0.0.0.0:443
Certificate Hash            : <your certificate hash>
Application ID               : <your application ID>

 

If port 443 is not present in the result, execute the following command lines:

netsh http del sslcert ipport=0.0.0.0:port

netsh http add sslcert ipport=0.0.0.0:port certhash=<your Hash> appid={your ID}
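
The thumbprint clean-up from step 2.4, the appid from step 3 and the binding check above, as an added PowerShell example that is not part of the original document or Board's own tooling. The function names and all sample values are constructed for illustration; the U+200E character is an invisible mark that can come along when the thumbprint is copied from the certificate dialog and makes NETSH reject the hash.

```powershell
# Added example (not Board's own tooling). All sample values are constructed.

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Drop spaces and anything else that is not a hex digit, including the
    # invisible U+200E mark the certificate dialog can put in front of the value.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

function Test-SslBinding {
    # Parses 'netsh http show sslcert' text and checks the hash bound to $IpPort.
    param([string[]]$NetshOutput, [string]$IpPort, [string]$Thumbprint)
    $inBlock = $false
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            $inBlock = ($Matches[1] -eq $IpPort)
        }
        elseif ($inBlock -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
            return ($Matches[1] -ieq $Thumbprint)
        }
    }
    $false   # no binding found for this IP:port
}

# Constructed input: value as pasted from the Details tab (leading U+200E, spaces).
$pasted = "$([char]0x200E)87 42 a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 7c"
$thumb  = ConvertTo-CleanThumbprint $pasted
$appId  = [guid]::NewGuid().ToString('B')   # local alternative to a GUID web page

# On the real server, confirm the certificate is in LocalMachine\My with its key:
#   Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb |
#       Select-Object Subject, NotAfter, HasPrivateKey

# Command line to paste into an elevated cmd.exe prompt:
"netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid=$appId"

# Constructed 'netsh http show sslcert' output, to show the verification step.
$sample = @(
    '    IP:port                      : 0.0.0.0:443',
    "    Certificate Hash             : $($thumb.ToLower())",
    "    Application ID               : $appId"
)
Test-SslBinding -NetshOutput $sample -IpPort '0.0.0.0:443' -Thumbprint $thumb
```

On the server, pass the real output with `Test-SslBinding -NetshOutput (netsh http show sslcert) -IpPort '0.0.0.0:443' -Thumbprint $thumb`. If you run the NETSH command from PowerShell rather than cmd.exe, quote the appid argument (`"appid=$appId"`), because PowerShell otherwise treats the braces as a script block.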
