Using SSL in Enterprise Server
The WoodWing Enterprise server and all its client applications support the use of SSL as a way of securing the communication between the server and the client applications. See SSL support in WoodWing Enterprise for more information.
Setting up SSL in Enterprise Server is a 3-step process:
- Generating a certificate
- Installing the certificate
- Testing the Web Server
Step 1. Generating a certificate
Generating a certificate for Enterprise Server can be done in the following ways:
- Using a certificate signed by the WoodWing provided CA certificate
- Using a certificate signed by a trusted root Certificate Authority
Using a certificate signed by the WoodWing provided CA certificate
This implementation of SSL relies on the fact that both client and server are from the same party: WoodWing. This removes the necessity to use a third party as the one trusted by both parties.
Step 1. Download and unzip the SSL.SDK.zip package.
Note: The package can be used for all versions of Enterprise.
Step 2. (Optional) Generate a new CA certificate and use that instead of the one provided by WoodWing by using the genCA script from the Terminal or command line:
- Mac OS X:
Step 3. Run the genSignedCert script, and complete the questions:
- Mac OS X:
Important: the common name (CN) must match the host name as used in URL.
After a successful run, the newcerts folder will contain the following:
- cert.pem. The certificate in PEM format.
- key.pem. The private key.
- cert.p12. The certificate and private key in PKCS#12 format (by default the password is ‘ww’).
Note: Obviously the private keys should remain private.
Step 4. Copy the generated cacert.pem file to the <web root>/Enterprise/config/encryptkeys folder on your server. During this process, overwrite the existing file.
Note: Make sure that the internet user (www/inet_usr) has 'read' access to the copied file.
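Before installing the files, the requirements stated in the steps above (certificate signed by the CA in cacert.pem, CN equal to the host name in the URL, private key kept private) can be checked from the command line. The script below is an added example, not part of the WoodWing SSL SDK; the function names check_bundle and make_sample_bundle and the host name enterprise.example.test are made up for illustration, and the key is assumed to be unencrypted.

```bash
#!/usr/bin/env bash
# Added example: pre-install checks for the files generated in Step 1.
# Usage: check_bundle <cacert.pem> <cert.pem> <key.pem> <host name used in the URL>
check_bundle() {
    local ca="$1" cert="$2" key="$3" host="$4" cn cert_pub key_pub rc=0

    # The server certificate must chain to the CA certificate the clients trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi

    # The common name (CN) must match the host name as used in the URL.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$host" ]; then
        echo "FAIL: CN '$cn' does not match host name '$host'"; rc=1
    fi

    # The private key must belong to the certificate: compare public-key digests.
    # Assumes an unencrypted key (empty passphrase), so openssl never prompts.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi

    # The private key should remain private: no group or world read bit.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "FAIL: $key is readable by group or others"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: a throwaway CA and a server certificate for CN $2 in dir $1.
make_sample_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/req.pem" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 1 -out "$1/cert.pem" 2>/dev/null &&
    chmod 600 "$1/key.pem"
}

# Dry run on the constructed bundle; replace the paths and host name for real use.
demo=$(mktemp -d) && make_sample_bundle "$demo" enterprise.example.test &&
    check_bundle "$demo/cacert.pem" "$demo/cert.pem" "$demo/key.pem" enterprise.example.test &&
    echo "bundle OK"
```

Each failed check prints one FAIL line and the function returns a non-zero status, so it can gate a deployment script.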
Using a certificate signed by a trusted root Certificate Authority
To use a trusted root CA signed certificate, purchase an SSL certificate from a Certificate Authority.
Note: Make sure that the Common Name (CN) field contains the name of the Enterprise Server as shown in the URL that is used to connect to the server.
Step 2. Installing the certificate
Setting up SSL on IIS is described in the Microsoft documentation: IIS Manager.
Note: For server certificates derived from the WoodWing root CA certificate, don’t click the Self Signed Certificate menu option but click the Import menu option instead. In the Import Certificate dialog, click the […] button. In the Open dialog, change the pre-selected *.pfx option into the *.* option and browse to the cert.p12 file and click OK. In the Password field of the Import Certificate dialog fill in “ww” and click OK.
On Apache v2.x
Setting up SSL on Apache is described in the Apache documentation: SSL/TLS Strong Encryption: How-To.
Example: SSLCertificateFile /usr/local/ssl/cert.pem
Example: SSLCertificateKeyFile /usr/local/ssl/key_unenc.pem
Both files can be copied from the newcerts folder.
Setting up SSL within MAMP is described on Webopius.com: Getting MAMP working with SSL on OS X.
Changing the default https port
(Optional) You can change the default HTTPS port '443' to something else, for example '1234'. In that case, change the two '443' values to '1234' in your httpd.conf file, restart the Web service and run the following URL in a Web browser:
Step 3. Testing the Web Server
Step 1. Run the following command:
openssl s_client -connect your_server_name:443 -state -debug -CAfile cacert.pem
It should give an extensive report, but no errors.
Step 2. Check if the Enterprise Web applications are able to run correctly by entering the URL for the Server in a Web browser.
Note: For troubleshooting SSL, visit the Apache documentation: SSL/TLS Strong Encryption.