Using SSL with Web Interface: Difference between revisions

From RangerMSP Wiki - PSA software for MSPs and IT services providers
Jump to navigation Jump to search
Line 23: Line 23:


Change the token settings in the above file to Yes as follows:<br>UseSSLEncryption=Y
Change the token settings in the above file to Yes as follows:<br>UseSSLEncryption=Y
== Setting the SSL Port ==
The SSL communication between users/browsers and Commit Web Interface uses a dedicated port.
Set a port number for Commit Web Interface. This port should not be in use by any other application or service.
We recommend using the Commit default port for SSL: 4962.
If you decide to use another port, make sure that:
#You select a DIFFERENT port than the one used for standard connections (ServerPort).
#You select a port value other than the standard SSL port (443) which is probably already in use on your server (by IIS for example).
To configure the SSL port, set the SSLPort  token value in the following settings file:<br><Installation_DIR>\Commit\WebInterface\CommitWebInterface.ini
<u>Important Note:</u><br>If you use a firewall, proxy, etc., it is recommended that you open Port 4962 in order to allow a connection to be established with Commit Web Interface.<br>If this port is blocked by a firewall, a connection cannot be established.
== Setting SSL Certificate Password ==
If you have a password for your SSL Certificate (SSL Certificate passwords are optional), enter the password for the SSlPassword token in:<br><Installation_DIR>\Commit\WebInterface\CommitWebInterface.ini
== Modifying the Login Page to Use SSL ==
To use an SSL secure connection, modify your login page as follows:
You should change:
*Http to Https
*Standard Port (default 4961) to the SSL Port (default 4962)
For example:<br>If you've used the predefined login page (as described in section C.(1) above)the link, from your web site, to the secure login page should appear as follows:
<pre><A HREF="https://127.0.0.1:4962">Click to login</A></pre>
If you have embedded the login fields on one of your web pages (as described in section C.(2) above), modify the JavaScript used to post the login request as follows:
Original:  Method="post" action="http://127.0.0.1:4961"<br>Modified:  Method="post" action="https://127.0.0.1:4962"
[[Category:New Users]]
[[Category:Installation]]
[[Category:Web Interface]]

Revision as of 08:40, 28 July 2009

Commit Web Interface supports the ability to accept SSL connections (https rather than http).

Using SSL with Commit Web Interface is OPTIONAL. You can use Commit Web Interface without setting up SSL.

The first step you should take if you want to use SSL with Commit Web Interface is to obtain SSL certificates from an authorized SSL authority such as Verisign or Thawte.


Saving the Certificates Files

Commit requires that your certificates files be in the .pem file format. You should have three certificates files with the following names:

Key.pem
Cert.pem
Root.pem

Place your certificates files in the following folder:

<Installation_DIR>\Commit\WebInterface

If your certificates are in another file format, convert them to the .pem file format. Read the SSL Troubleshooting to see how to convert certain types of SSL certificate file formats.

Activating SSL with Commit

You need to instruct Commit Web Interface to use SSL. To do so, you must edit the following file:
<Installation_DIR>\Commit\WebInterface\CommitWebInterface.ini

Change the token settings in the above file to Yes as follows:
UseSSLEncryption=Y

Setting the SSL Port

The SSL communication between users/browsers and Commit Web Interface uses a dedicated port.

Set a port number for Commit Web Interface. This port should not be in use by any other application or service.

We recommend using the Commit default port for SSL: 4962.

If you decide to use another port, make sure that:

  1. You select a DIFFERENT port than the one used for standard connections (ServerPort).
  2. You select a port value other than the standard SSL port (443) which is probably already in use on your server (by IIS for example).

To configure the SSL port, set the SSLPort token value in the following settings file:
<Installation_DIR>\Commit\WebInterface\CommitWebInterface.ini

Important Note:
If you use a firewall, proxy, etc., it is recommended that you open Port 4962 in order to allow a connection to be established with Commit Web Interface.
If this port is blocked by a firewall, a connection cannot be established.

Setting SSL Certificate Password

If you have a password for your SSL Certificate (SSL Certificate passwords are optional), enter the password for the SSlPassword token in:
<Installation_DIR>\Commit\WebInterface\CommitWebInterface.ini

Modifying the Login Page to Use SSL

To use an SSL secure connection, modify your login page as follows:

You should change:

  • Http to Https
  • Standard Port (default 4961) to the SSL Port (default 4962)

For example:
If you've used the predefined login page (as described in section C.(1) above)the link, from your web site, to the secure login page should appear as follows:

<A HREF="https://127.0.0.1:4962">Click to login</A>

If you have embedded the login fields on one of your web pages (as described in section C.(2) above), modify the JavaScript used to post the login request as follows:

Original: Method="post" action="http://127.0.0.1:4961"
Modified: Method="post" action="https://127.0.0.1:4962"