WoodWing Help Center

Using SSL in Enterprise Server

Using SSL in Enterprise Server

The WoodWing Enterprise server and all its client applications support the use of SSL as a way of securing the communication between the server and the client applications. See SSL support in WoodWing Enterprise for more information.

Setting up SSL in Enterprise Server is a 3-step process:

  1. Generating a certificate
  2. Installing the certificate
  3. Testing the Web Server

Step 1. Generating a certificate

Generating a certificate for Enterprise Server can be done in the following ways:

  1. Using a certificate signed by the WoodWing provided CA certificate
  2. Using a certificate signed by a trusted root Certificate Authority

Using a certificate signed by the WoodWing provided CA certificate

This implementation of SSL relies on the fact that both client and server are from the same party: WoodWing. This removes the necessity to use a third party as the one trusted by both parties.

Step 1. Download and unzip the SSL.SDK.zip package.

Note: The package can be used for all versions of Enterprise.

Step 2. (Optional) Generate a new CA certificate and use that instead of the one provided by WoodWing by using the genCA script from the Terminal or command line:

  • Mac OS X: sh genCA.sh
  • Windows: genCA.cmd

Step 3. Run the genSignedCert script, and complete the questions:

  • Mac OS X: sh genSignedCert.sh
  • Windows: genSignedCert.cmd

Important: the common name (CN) must match the host name as used in URL.

After a successful run, the newcerts folder will contain the following:

  • cert.pem. The certificate in PEM format),
  • key.pem. The private key
  • cert.p12. The certificate and private key in PKCS#12 format (by default the password is ‘ww’).

Note: Obviously the private keys should remain private.

Step 4. Copy the generated cacert.pem file to your server on <web root>/Enterprise/config/encryptkeys. During this process, overwrite the existing file.

Note: Make sure that the internet user (www/inet_usr) has 'read' access to the copied file.

This file is picked up by the Health Check page and the Drupal integration.

Using a certificate signed by a trusted root Certificate Authority

To use a trusted root CA signed certificate, purchase an SSL certificate from a Certificate Authority.

Example: Symantec or curl.haxx.se.

Note: Make sure that the Common Name (CN) field contains the name of the Enterprise Server as shown in the URL that is used to connect to the server.

Step 2. Installing the certificate

On Windows

Setting up SSL on IIS is described in the Microsoft documentation: IIS Manager.

Note: For server certificates derived from the WoodWing root CA certificate, don’t click the Self Signed Certificate menu option but click the Import menu option instead. In the Import Certificate dialog, click the […] button. In the Open dialog, change the pre-selected *.pfx option into the *.* option and browse to the cert.p12 file and click OK. In the Password field of the Import Certificate dialog fill in “ww” and click OK.

On Apache v2.x

Setting up SSL on Apache is described in the Apache documentation: SSL/TLS Strong Encryption: How-To.

Notes:

  • The SSLCertificateFile should point to the cert.pem file.

Example: SSLCertificateFile /usr/local/ssl/cert.pem.

  • The SSLCertificateKeyFile should point to the key_unenc.pem file.

Example: SSLCertificateKeyFile /usr/local/ssl/key_unenc.pem file.

Both files can be copied from the newcerts folder.

In MAMP

Setting up SSL within MAMP is described on Webopius.com: Getting MAMP working with SSL on OS X.

Changing the default https port

(Optional) You can change the default https port '443' into something else, for example '1234'. In that case you need to change the two '443' values into '1234' in your httpd.conf file, restart the Web service and run the following URL in a Web browser:

https://your_server_name:1234/Enterprise

Step 3. Testing the Web Server

Step 1. Run the following command:

cd your_ssl_sdk_folder

openssl s_client -connect your_server_name:443 -state -debug -CAfile cacert.pem

It should give an extensive report, but no errors.

Step 2. Check if the Enterprise Web applications are able to run correctly by entering the URL for the Server in a Web browser.

Example: https://your_server_name/Enterprise

Note: For troubleshooting SSL, visit the Apache documentation: SSL/TLS Strong Encryption.

Was this article helpful?
0 out of 1 found this helpful / Created: / Updated:
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.