Using SSL to secure the connection between Enterprise Server and Content Station

Content Station Air uses the internal key store of Flash to communicate with Enterprise Server. For downloading and uploading files, a key file has to be provided.

There are several ways of providing the key file:

Method 1. In a production environment, the certificate is signed by for example VeriSign or Comodo. In this scenario you do not have to provide the key file.

They key is validated against the root certificate of the certificate authority. This list of root certificates is precompiled in Content Station.

Method 2. On Mac OS X, the root certificates of the internal key store of the OS are also used.

Method 3. For self-singed certificates on Windows and Mac OS X, you can configure your own key file (in PEM format) and refer to it through the cacertPath option of the WWSettings file:

<SCEnt:SSL enable="true" cacertPath="/Applications/MAMP/conf/apache/server.pem" sslVersion="TLSv1"/>

Available options for the sslVersion parameter:

• Auto
• SSLv3
• TLSv1 (default)

Notes: For security reasons, use self-signed certificates only in a test environment and not for production. The certificate is loaded on startup of Content Station; when changing the cacertPath value, Content Station needs to be restarted.

Configuration steps on Mac OS X

Note: It is assumed here that Content Station AIR has been successfully installed.

Step 1. Copy the server.pem file to an accessible location.

Example: /Library/Application Support/WoodWing

Step 2. Access the WWSettings.xml file.

Step 2. Add the following option:

<SCEnt:SSL enable="true" cacertPath="/Library/Application Support/WoodWing/server.pem" sslVersion="TLSv1"/>

Step 3. Change the URL for connecting to Enterprise Server to "https".

Example:<SCEnt:ServerInfo name="Enterprise" url="https://172.20.22.48/enterprise/index.php"/>

Important: Make sure to validate the WWSettings.xml file for correct content. See Validating the WWSettings.xml file.

Step 4. Start Content Station.

Because this is the first time that Content Station is started in the new SSL environment, warnings will appear that the SSL certificates are not valid.

Step 5. Click Show Certificate.

Step 6. Select the check box Always trust “127.0.0.1” when connecting to “127.0.0.1”.

Step 7. Click Continue.

Warnings for the second certificate appear.

Step 8. Repeat steps 5 to 7.

Step 9. Upload a file to see if all is configured correctly.

Configuration steps on Windows

Note: It is assumed here that Content Station AIR has been successfully installed.

Step 1. Copy the cacert.pem file to an accessible location.

Example: C:\Documents and Settings\All Users\Application Data\WoodWing

Step 2. Access the WWSettings.xml file.

Step 3. Add the following option:

<SCEnt:SSL enable="true" cacertPath="C:\Documents and Settings\All Users\Application Data\WoodWing\server.pem" sslVersion="TLSv1"/>

Step 4. Change the URL for connecting to Enterprise Server to "https".

Example:<SCEnt:ServerInfo name="Enterprise" url="https://172.20.22.48/enterprise/index.php"/>

Important: Make sure to validate the WWSettings.xml file for correct content. See Validating the WWSettings.xml file.

Step 5. Start Content Station.

Because this is the first time that Content Station is started in the new SSL environment, warnings will appear that the SSL certificates are not valid.

Step 6. Click Show Certificate.

Step 7. Click Install Certificate.

Warnings for the second certificate appear.

Step 8. Repeat steps 6 and 7.

Step 9. Upload a file to see if all is configured correctly.

Troubleshooting

An error occurs referring to CURL 60

This means that your TransferServerSSLCertificates setting is not correctly set.

(On Windows) The 'install certificate' dialog opens for a second time

This means that the Common Name of your certificate does not match the IP address of the server.