How do I configure SSL for OpenSpan Events Server?

Versions affected: OpenSpan Events Server 4.5 and later


SSL Configuration for OpenSpan Events Server

General

  1. If your OpenSpan Events Server is already configured with a valid SSL certificate on a known port, please skip to Step 14. This document explains how to configure a valid SSL certificate on OpenSpan Events Server using Microsoft Server 2008 for port 8088. This certificate has to be signed by a "root authority" which is trusted by the server and all clients that connect to this server.

  2. To configure a valid certificate, run the makecert command from the Events server. The executable is available in the latest Windows SDK toolkit. The Windows SDK requires .Net Framework 4 and can be downloaded at the following URL: http://msdn.microsoft.com/en-us/windowsserver/bb980924.aspx

    Microsoft .Net Framework 4 can be downloaded at the following URL: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9cfb2d51-5ff4-4491-b0e5-b386f32c0992&displaylang=en

  3. After you have successfully installed the Windows SDK, open the Windows SDK Command Prompt located under All Programs > Microsoft Windows SDK > Microsoft Windows SDK 7.1 Command Prompt.

  4. From the Windows SDK Command Prompt, change directories to the bin directory which is located under MICROSOFT/SDKS/WINDOWS/V.7.1/BIN.

  5. Run the following command to create the certificate:

    makecert -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine


    The command prompt should return the message localmachine succeeded and prompt you to create a Private Key Password.

  6. After you have created a Private Key Password, you need to make this certificate a trusted authority. This can be done by using the MMC snap-in console. From the Windows command prompt, enter mmc to access the Microsoft Management Console.


  7. From Microsoft Management Console toolbar select File > Add/Remove Snap-in.


  8. From the Add or Remove Snap-ins panel, add Certificates from the Available snap-ins list to the Selected snap-ins list. Once the certificates snap-in has been added to Selected snap-ins, select Computer account to manage the certificate.



  9. Finally, select Local Computer: (the computer the console is running on) for snap-in management. Click Finish.




  10. From the MMC, select Certificates (Local Computer). Expand the Certificates > Personal > Certificates nodes. You should see your certificate listed here.



  11. Click OK to exit the Add and Remove Snap-ins Screen.

    Drag or copy this certificate from the Personal Certificates to the Trusted Root Certification Authorities folder.



  12. Note: At this point, we have verified that you can create trusted certificates on your machine. Now we will create another certificate that will be used by OpenSpan Events.

  13. Open the Windows SDK Command Prompt located under All Programs > Microsoft Windows SDK > Microsoft Windows SDK 7.1 Command Prompt.

    Run Makecert again as follows:

    Makecert -sv SignRoot.pvk -cy authority -r signroot.cert -a sha1 -n "CN=Dev Certification Authority" -ss my -sr localmachine

  14. Note: You must change the CN name to the hostname used for the machine.

    If your command is successful you will be prompted to enter a private key password for this certificate.

  15. Enter the private key password to create the root certificate. Return to the Microsoft Management Console by running "MMC" at the command prompt. You will be able to select the Certificates (Local Computer). Expand the Certificates > Personal > Certificates nodes. You should see your new certificate listed here.




  16. Obtain the thumbprint value of the new certificate by right-clicking the certificate and choosing Open from the menu. This will open the certificate pop-up. From here, select the Details tab and scroll down to the thumbprint field. Click the thumbprint field to select the value.


  17. Please make note of the thumbprint value of this certificate. It will be used again to bind the certificate to the desired port.




    Find the GUID Of OpenSpan Events Server

  18. Open the Registry on the server by typing regedit from the command prompt. Expand the Uninstall menu under the following directory:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall




  19. Note: Scroll through the GUIDs listed under the Uninstall folder until you see a display name of OpenSpan Event Server. This will indicate that you have found the correct GUID. Copy this GUID.

    Bind the Certificate To The Port

  20. Open the Windows SDK Command Prompt located under All Programs > Microsoft Windows SDK > Microsoft Windows SDK 7.1 Command Prompt.

    Certhash = The thumbprint value of the certificate with spaces removed
    Appid = The GUID of the OpenSpan Event Server with brackets

  21. Run the following command to bind the certificate created above to the port (8088) for SSL:

    netsh http add sslcert ipport=0.0.0.0:8088 certhash=ba1936daf451c0b2406d237a4b76d844db4ebcc0 appid={1359455C-541B-49B7-9445-C3E0C4168042}

    From the Server

  22. Once the certificate has been bound, open the Events Server Configuration Console and configure a base address for HTTPS. Now you can start the Event Server. If it starts without any error messages, the server side should be set.



  23. Note: Machine name is the servername or IP of the server. The port should be configured to listen for https requests. For this example we will use port 8088.


    From The Client

  24. In the OpenSpan project, change the binding configuration of the Web service connector to use SSL.
    Under Endpoint Configuration set the following:


    Address: https://machinename:8088/NotificationService/WsHttp
    Enable SSL: True

    Now you are ready to test your project using SSL!
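
    The thumbprint lookup, GUID lookup and port binding from steps 16 to 21 can also be scripted. The PowerShell below is an added example, not part of the original article or of OpenSpan's tooling. It assumes the certificate subject is CN=<computer name>, and its check of the Wow6432Node Uninstall key is likewise an assumption. Run it from an elevated prompt.

```powershell
# Added example. Values marked "assumption" are not from the article.
$HostName    = $env:COMPUTERNAME          # assumption: the CN chosen in step 14
$Port        = 8088                       # port used throughout the article
$DisplayName = 'OpenSpan Event Server'    # display name given in step 19

# Steps 16-17: read the thumbprint straight from Local Computer > Personal,
# so no spaces have to be removed by hand.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$HostName" -and $_.HasPrivateKey })
if ($certs.Count -ne 1) {
    throw "Expected one certificate CN=$HostName with a private key, found $($certs.Count)."
}
$thumb = $certs[0].Thumbprint
if ($thumb -notmatch '^[0-9A-Fa-f]{40}$') {
    throw "Unexpected thumbprint format: $thumb"
}

# Steps 18-19: find the product GUID under the Uninstall key.
# Assumption: a 32-bit install on 64-bit Windows registers under Wow6432Node.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }
$keys = @(Get-ChildItem $roots |
    Where-Object { $_.GetValue('DisplayName') -eq $DisplayName })
if ($keys.Count -ne 1) {
    throw "Expected one '$DisplayName' entry, found $($keys.Count)."
}
$appId = $keys[0].PSChildName             # key name is the GUID, braces included
if ($appId -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
    throw "Uninstall key name is not a GUID: $appId"
}

# Step 21: bind the certificate. Each argument is quoted so PowerShell
# passes the braces in appid through to netsh unchanged.
& netsh http add sslcert "ipport=0.0.0.0:$Port" "certhash=$thumb" "appid=$appId"
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

# Check: list what is now bound to the port.
& netsh http show sslcert "ipport=0.0.0.0:$Port"
```

    The final command should list the same certificate hash and application ID that were just bound.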


