Configuring HostedSuite For SSL

From HostedSuite Wiki :: Evo Technologies

Jump to: navigation, search

Contents

Introduction

HostedSuite can be configured to use SSL. The process is not difficult, but there are a couple of steps required that will require an IT person to assist.

The process basically comes down to the following steps

  1. Determine desired domain name and purchase SSL certificate
  2. Configure the domain name to point to the correct IP address
  3. Export SSL certificate to PFX format with private key embedded and a password
  4. Copy the SSL certificate to a secure location on the HostedSuite server and configure HostedSuite to use the SSL certificate
  5. Have operators start using https:// instead of http://


1. Domain Name/Purchase SSL Certificate

This step must be performed by an IT person.

The first step requires that the IT person in charge purchase an SSL certificate for the customer's location. For example, let's assume that the customer's web site is www.abccorp.com, their corporate domain is abccorp.com. The customer needs to choose a domain name for the console, for example console.abccorp.com.

SSL certificates need to be associated with a specific domain name, so this step is required. Once the customer has chosen the domain name that they want to use, the IT person in charge should purchase a standard SSL certificate from a company such as GoDaddy. Most standard SSL formats work for example GoDaddy's normal RSA Cryptographic Provider + 2048 bit length setup.

Finish the SSL process with GoDaddy to purchase your SSL certificate

2. Configure DNS

This step must also be performed by an IT person.

You need to configure an A record on your DNS provider to point the domain name chosen in step 1. to the IP address of the HostedSuite Server.

For example, if the IP address of the HostedSuite server is 192.168.0.21 and the domain name we chose was console.abccorp.com you will create an A record in the DNS that points that domain name to the IP address.

3. Export SSL certificate to PFX file

This step must be performed by an IT person.

Once the SSL certificate has been purchased and installed, it needs to be exported to a PFX file. If the installation process was done using a Windows machine, this is a pretty simple process.

  1. Login to the PC as an Administrator
  2. Click Start and search for "Certificates" - select the "Manage Computer Certificates" or "Certificate Manager" option.
  3. Find the certificate that you installed, typically it will be in the Personal > Certificates folder
  4. Right click the certificate and select All Tasks > Export
  5. Click Next on the welcome screen
  6. On the next screen, select "Yes, export the private key" and click Next. If this option is grayed out, you need to restart certificate manager and run it as an administrator.
  7. On the next screen, leave it on the default "Personal Information Exchange", check the "Export all extended properties box". Do NOT check the "Delete the private key" box, Click Next.
  8. Check the "Password" box and enter a password for this file.
  9. Export the file somewhere on your computer with a name such as "evo-console.pfx"

Please note that there are a lot of ways to export an SSL certificate to a PFX file and this is just one of them. Here are a few links to other ways

GoDaddy: https://www.godaddy.com/community/SSL-And-Security/How-do-I-convert-CRT-to-PFX-or-get-a-PFX-certificate/td-p/99690

DigiCert: https://www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm

Generic: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

No matter which way you choose to export the PFX file, it is important that you embed the private key and give it a password.

4. Configure HostedSuite

The first thing that we want to do is copy the PFX file that we exported in step 3 to the HostedSuite server. This can be placed directly in the HostedSuite folder, for example "C:\Program Files (x86)\Evo\HostedSuite\Bin" or wherever. Just make sure to note the location where you copied the file to.

Now, we need to configure HostedSuite to use this SSL certificate. Stop the HostedSuite service and then open notepad.exe as an Administrator (this is important otherwise you won't be able to save chagnes)

Open the following file in Notepad: "C:\Program Files (x86)\Evo\HostedSuite\Bin\HostedSuiteServer.exe.config" (please note that you will have to change the dropdown in notepad to show All files not just txt files)

NOTE Make sure you run Notepad as Administrator otherwise you might not be able to save the file

If you do not see a HostedSuiteServer.exe.config file, update HostedSuite to the latest version first and then stop the service and open the file.

In the config file, look for the following text

<appSettings>
   <add key="SslCertificatePath" value="" />
   <add key="SslCertificatePassword" value="" />
</appSettings>

You are going to put in the path to the PFX file and the password for the PFX file, for example

<appSettings>
   <add key="SslCertificatePath" value="C:\Program Files (x86)\Evo\HostedSuite\bin\evo-ssl.pfx" />
   <add key="SslCertificatePassword" value="p@ssword" />
</appSettings>

Save the changes.

5. Start the service and login using SSL

Start the HostedSuite service. Please note that all previous URLs will no longer work, the new URL will be the following format: https://domain-name:21483

For example, if the domain name you chose was console.abccorp.com then your URL will be https://console.abccorp.com:21483

All operators must start using this domain name in order to access the console.

If the page does not load, the first thing you want to do is make sure that the IP address is resolving correctly by pinging it. For example:

ping console.abccorp.com

This should resolve to the IP address of the HostedSuite server PC. If it does not ping that IP address, the DNS records must be corrected by the IT team.

If you get any SSL errors, e.g. the address bar is red, it means that the SSL certificate is not correct for the domain name chosen

Troubleshooting

The most likely issue is that after following the steps above, you will start the HostedSuite service and either the page won't load or it will spin and spin.

If you have a situation where the page just keeps spinning, you can check to see if there were any SSL certificate errors by looking in the following path:

C:\Program Files (x86)\Evo\HostedSuite\Logs\HostedSuite-Server.log

You may see something such as the following:

2019-09-11 20-42-53.png

Indicating that the password is invalid.

If when you open the console site, it loads but Chrome gives you an error such as a "security warning" you need to make sure that the URL in the address bar matches the URL on the certificate.

You have to take the IT person's word that they have given the correct domain name to the certificate, for example, let's say that the DNS name chosen is

console.abccorp.com

And you open up Chrome to

https://console.abccorp.com:21483

And get the security warning. This most likely means that the certificate was not created for the correct domain name OR that you typed in the wrong URL, e.g

https://consoel.abccorp.com:21483
Personal tools
Namespaces
Variants
Actions
Navigation
Topics
Toolbox