Using SSL Transport in Webspace
When using self-signed certificates with Webspace, these steps outline the setup for running in Webspace over HTTPS.
- Create your certificate authority and generate the SSL certificate. The commands needed to create CA key and certificate are:
openssl genrsa -out ca.key 2048 openssl req -sha256 –new –key ca.key -out ca.csr
- Create the ca.cfg file with the following content:
extensions = x509v3 [ x509v3 ] subjectAltName = email:copy basicConstraints = CA:true,pathlen:0 nsComment = "GE Digital CA" nsCertType = sslCA
- Create the CA certificate using command:
openssl x509 –req -sha256 –extfile ca.cfg –days 1825 –signkey ca.key –in ca.csr -out ca.crt
- Rename ca.cfg to server.cfg.
- Remove the basicConstraints line.
- Modify nscomment to reflect your Company Name.
- Change nsCertType to 'server'.
- Create a file to hold certificate serial numbers by running the command:
echo 01 > ca.serial
- Create the server key and certificate signed by the CA using below
commands:
openssl genrsa –out server.key 2048 openssl req -sha256 –new –key server.key –out server.csr openssl x509 –req -sha256 –extfile server.cfg –days 1825 –CA ca.crt –CAkey ca.key –CAserial ca.ser ial –in server.csr –out server.crt
Note: In options common name part is the host name of the server. - Assign the generated server certificate in step Webspace Admin Console on the Options > Security tab.
- Restart the Proficy Webspace Application publishing service.
- In the IIS manager window, select the host name and then Server Certificates.
- In the Server certificates window, click Create Self Signed Certificate.
- Select the Default website and Bindings option.
- Add a HTTPS binding with the certificate created in the previous step.
- Restart the Default website in IIS manager
- Confirm that IIS is setup correctly by opening a browser and enter the https://hostname. It should open the IIS default page. This indicates that the https settings in IIS are configured correctly.
- Try to connect to an application in the Webspace client. This should start the iFIX or CIMPLICITY application in the Webspace browser window.