
Setting up SSL for OpenLM Server and Identity Service v2x – KB903


This is a quick guide that describes how to set up the SSL connection for the OpenLM Server and Identity Service v2x.

Important: the certificates used for the Server must also be installed and present in the Trusted Certificate Store of every machine that runs a component connecting to the OpenLM Server.

Once SSL is enabled for the Server, update the hostname/IP configured in every component that connects to it so that it uses the HTTPS protocol. As with the Server configuration, make sure that the exact FQDN is used when specifying the host.

Contents:

1. Setting up SSL for Identity Service

2. Setting up SSL for OpenLM Server

1. Setting up SSL for Identity Service

1. Go to C:\Program Files\OpenLM\OpenLM Identity Service\SecurityService\cert and place there the certificate, digitally signed by a certificate authority (CA).
2. Attention! Do not delete any existing certificates!
3. Open the appsettings.json file located at C:\Program Files\OpenLM\OpenLM Identity Service\SecurityService in a text editor with administrator privileges.
4. Locate the Settings node and change the “IssuerUri” parameter from HTTP to HTTPS:
},
  "Settings": {
    "UseDb": true,
    "IssuerUri": "https://l324md.openlm.biz:5000",
    "DbType": "MariaDB"
  },

5. Edit the Kestrel node. Provide the certificate details (the path to the certificate file and its password), then change the Url parameter from HTTP to HTTPS:

},
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "https://l324md.openlm.biz:5000",
        "Certificate": {
          "Path": "./cert/cert.pfx",
          "Password": "12345"
        }
      }
    }
  },
  • Path – The path to the certificate file. Make sure the Windows paths use double backslashes instead of forward slashes.
  • Password – the password for the private key of the certificate.

Note: make sure the curly braces { } are properly closed at all times.

6. Save the changes.

7. Restart the Identity Service (see “Restarting the Services”).

8. To verify that the SSL connection is successful, open the Identity Service UI, type the new (HTTPS) address in the address bar and refresh the page, then click the “Lock” icon in the address bar.

2. Setting up SSL for OpenLM Server

1. Go to C:\Program Files\OpenLM\OpenLM Server\bin and create a folder called “Cert”, then copy the certificate, digitally signed by a certificate authority (CA), into this folder.

2. Open up the appsettings.json located at C:\Program Files\OpenLM\OpenLM Server\bin\ in a text editor with administrator privileges.

3. Locate the Kestrel node and update the Url of the Kestrel endpoint, i.e. the full path to EasyAdmin: https://path.domain:port

},
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "https://l324md.openlm.biz:5015"
      },

4. Locate and edit the Certificates node. Provide the following details:

  • Path – The path to the certificate file. Make sure the Windows paths use double backslashes instead of forward slashes.
  • Password – the password for the private key of the certificate.

Note: make sure the curly braces { } are properly closed at all times.

},
    "Certificates": {
      "Default": {
        "Path": "./cert/cert.pfx",
        "Password": "12345"
      }
    },

5. Locate the “Auth” node and edit the “Authority” line with the updated Identity Service URL (HTTPS):

},
  "Auth": {
    "EnableSecurity": true,
    "Authority": "https://l324md.openlm.biz:5000",
    "Audience": "openlm.server.api",
    "AuthProvider": null,
    "ClientId": "openlm.server.client",
    "ClientSecret": "16d82e9f-8d6d-4bba-8181-c9fce5c5e287",
    "ClientScope": "openlm.cloud.scope openlm.etlmanager.scope IdentityServerApi openlm.dss.scope",
    "TokenEndpoint": "/connect/token"
  }
}

6. Save the changes (Ctrl+S).

7. Now update the OpenLM Server address declared in the Identity Service settings. Open the Identity Service → Settings → Security Configuration tab, enter the updated Server’s address (HTTPS) and click Save.

8. Restart the Server Service.

9. To verify the connection, type in the address bar the updated EasyAdmin address: https://path.domain:port
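
The checks implied by both procedures above can be run in one pass before restarting the services. The following PowerShell script is an added example, not OpenLM code: it parses both appsettings.json files, confirms the URLs are HTTPS with an FQDN host, opens each PFX with the configured password, and compares the certificate's names and trust chain against the configuration. It assumes the install folders named in this guide, that relative certificate paths resolve against the service folder, and that the Server's Certificates node sits under Kestrel.

```powershell
# Added example, not OpenLM code. Run elevated on the OpenLM host after editing both files.
$idsDir = 'C:\Program Files\OpenLM\OpenLM Identity Service\SecurityService'  # section 1, step 3
$srvDir = 'C:\Program Files\OpenLM\OpenLM Server\bin'                        # section 2, step 2

function Read-Settings([string]$Dir) {
    # ConvertFrom-Json throws on an unclosed brace or stray comma
    Get-Content -Raw -LiteralPath (Join-Path $Dir 'appsettings.json') | ConvertFrom-Json
}

function Test-Endpoint([string]$Name, [string]$Dir, [string]$Url, $CertNode) {
    $uri = [Uri]$Url
    if ($uri.Scheme -ne 'https') { Write-Warning "${Name}: URL is not HTTPS: $Url" }
    if ($uri.HostNameType -ne 'Dns' -or $uri.Host -notmatch '\.') {
        Write-Warning "${Name}: host '$($uri.Host)' is not an FQDN"
    }
    # Assumption: relative paths such as ./cert/cert.pfx resolve against the service folder
    $pfx = $CertNode.Path
    if (-not [IO.Path]::IsPathRooted($pfx)) { $pfx = Join-Path $Dir $pfx }
    if (-not (Test-Path -LiteralPath $pfx)) { Write-Warning "${Name}: PFX not found: $pfx"; return }
    # Throws if the configured password does not open the PFX
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfx, [string]$CertNode.Password)
    if (-not $cert.HasPrivateKey) { Write-Warning "${Name}: PFX has no private key" }
    # 30 days is an arbitrary warning threshold chosen for this example
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "${Name}: certificate expires $($cert.NotAfter)" }
    # Compare the configured host with the certificate's DNS names (exact or one-label wildcard)
    $fqdn  = $uri.Host
    $wild  = '*' + $fqdn.Substring([Math]::Max($fqdn.IndexOf('.'), 0))
    $names = @($cert.DnsNameList.Unicode)
    if ($names -notcontains $fqdn -and $names -notcontains $wild) {
        Write-Warning "${Name}: '$fqdn' not among certificate names: $($names -join ', ')"
    }
    # Verify() builds the chain against this machine's certificate stores
    if (-not $cert.Verify()) { Write-Warning "${Name}: chain validation failed on this machine" }
}

$ids = Read-Settings $idsDir
$srv = Read-Settings $srvDir
Test-Endpoint 'Identity Service' $idsDir $ids.Kestrel.Endpoints.Http.Url $ids.Kestrel.Endpoints.Http.Certificate
# Assumption: the Server's Certificates node sits under Kestrel, as the indentation in step 4 suggests
Test-Endpoint 'OpenLM Server' $srvDir $srv.Kestrel.Endpoints.Http.Url $srv.Kestrel.Certificates.Default

# The Server's Authority must point at the Identity Service issuer
if (([Uri]$srv.Auth.Authority).AbsoluteUri -ne ([Uri]$ids.Settings.IssuerUri).AbsoluteUri) {
    Write-Warning "Auth.Authority '$($srv.Auth.Authority)' differs from IssuerUri '$($ids.Settings.IssuerUri)'"
}
```

No output means every check passed; each warning names the endpoint and the setting to revisit.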
