ECR Integration
System Requirements Specifications
Document Info
Document Description
Versioning
1.0.0-beta 09/06/2020 Adding SSL Support for Geidea Web ECR Integration
Reviewing
SSL Support for WEB ECR
Table of Contents
Document Info
1. Introduction
2. Creating Self signed SSL certificate
3. Using the Self signed SSL certificate with Geidea WEB ECR app
1. Introduction
Because the Geidea WEB ECR Integration app runs on localhost, we can't get an SSL certificate from a trusted CA. We have to use self-signed SSL certificates, which need to be installed on every PC where you install the Geidea WEB ECR Integration Windows service.
We include a sample self-signed SSL certificate in our build files for testing purposes. When going to production, we suggest you deploy your own self-signed certificate on each PC.
Here, we explain how to create and use self-signed SSL certificates with the Geidea WEB ECR Integration app.
Whenever you access the Geidea WEB ECR Integration service from an existing app/website that is already served over SSL/HTTPS, the browser reports a "Mixed content error".
To learn more about the "Mixed content error", search for it online.
To overcome this issue, use a self-signed SSL certificate with the Geidea WEB ECR Integration app by following the steps below.
2. Creating Self signed SSL certificate
NOTE: For development, you can skip this section and jump to "Using the Self signed SSL certificate with Geidea WEB ECR app". This process is required only for production.
WARNING: The openssl commands given here are the ones I used in my Ubuntu Linux terminal, where they worked perfectly. They may need some modifications when you run them on Windows. Search online if you face any error with the openssl command.
● As it's a self-signed certificate, Geidea gives no warranty or guarantee on it; you use it at your own risk. We issued you one localhost SSL certificate with 5 years of validity. It's only for testing purposes.
● Please don't go to production with a Geidea certificate, as it has limitations.
● Geidea suggests that you create your own self-signed certificate for each PC and, for security reasons, don't reuse one self-signed certificate for all client PCs when you go to production.
● First, you have to install openssl on your PC. On Windows, you can follow this guide: https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-in-64-bit/
● Open PowerShell or Command Prompt and run the command below.
# The subject carries only the CN; the friendly name is set later in the certificate store.
openssl req -days 1825 -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
  printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
It will create 2 files, localhost.crt and localhost.key (certificate and private key), with 5 years validity.
● Next, run the openssl command below to get the .pfx format.
openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
It will ask you to enter a password and confirm it. Remember the password, as it's required when adding the certificate to the PC's local certificate store.
● Now copy all 3 files into the AppSSL folder inside the app root directory and update the appsettings.json file in the app root directory with the SSL file name and password (by default, the file name is localhost.pfx and the password is "geidea"), as below.
"ssl": {
"name": "localhost.pfx",
"password": "geidea",
...
...
...
},
3. Using the Self signed SSL certificate with Geidea WEB ECR app:
● In the app root directory, you will find the AppSSL folder, which contains localhost.crt, localhost.key and localhost.pfx. These are provided by Geidea for testing purposes. For production, you have to follow the steps in "Creating Self signed SSL certificate" above to create your own self-signed certificate.
● Add localhost.pfx to the PC's certificate store by double-clicking it. It will ask for the certificate password, which you set in the 4th step of "Creating Self signed SSL certificate". For the testing certificate, the password is "geidea".
● Store it in the Local Machine store location, under the Personal store name.
● After that, set a friendlyName for the certificate in the certificate store for easy access.
● Now copy the localhost certificate from the Personal store and paste it into Trusted Root Certification Authorities, so that the computer trusts the certificate when you open the Geidea WEB ECR app in the browser.
● Now copy the serial number of the localhost certificate from the certificate store and keep it for the next step.
● Go to the WEB ECR app directory, find the appsettings.json file and open it in a text editor.
● Update the values below in the appsettings.json file.
"ssl": {
...
...
"StoreName": "Personal",
"StoreLocation": "LocalMachine",
"SerialNumber":"28fd169c1ad8d0b4438cfc22013c51fa32eecde9"
},
● You are almost done. Now restart the Windows service and open the app in the browser at https://localhost:{httpsPort}. Check the appsettings.json file for httpsPort:
"port": {
"http": 5000,
"https": 5001
},
● You can change the port values as you want. Make sure the port is free before using it for the WEB ECR app.
● If the https port is 443, you can open the app as https://localhost, with no need to append :443.
That's it. Your Geidea Web ECR app now supports SSL/WSS, and you can access it from your app/website over the secure https protocol.
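
The certificate-store steps in section 3 can be scripted so that every PC is set up the same way. The PowerShell below is an added example, not part of the original document or of Geidea's software; it assumes an elevated session, and the -AppRoot parameter and the temporary file name are hypothetical names chosen for this example.

```powershell
# Added example: scripted form of the manual certificate-store steps.
# Assumption: -AppRoot is the WEB ECR app root that contains AppSSL\localhost.pfx.
param(
    [string]$AppRoot = (Get-Location).Path
)
$ErrorActionPreference = 'Stop'

$pfxPath = Join-Path $AppRoot 'AppSSL\localhost.pfx'
$cerPath = Join-Path $env:TEMP 'webecr-localhost-public.cer'   # hypothetical temp file
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password set when exporting localhost.pfx'

# Import the certificate and private key into Local Machine > Personal.
$imported = Import-PfxCertificate -FilePath $pfxPath -Password $pfxPassword `
    -CertStoreLocation Cert:\LocalMachine\My

# Re-read the certificate from the store so property changes are saved there.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($imported.Thumbprint)"

# Sanity checks before the certificate is trusted machine-wide.
if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if ($cert.DnsNameList.Unicode -notcontains 'localhost') {
    throw 'Certificate does not list localhost as a DNS name.'
}

# Set the friendly name used to find the certificate in the store.
$cert.FriendlyName = 'localhost'

# Copy only the public certificate (no private key) into
# Trusted Root Certification Authorities.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Remove-Item -Path $cerPath

# Values for the "ssl" section of appsettings.json. The serial number is
# lower-cased to match the sample value in this document (assumption: the
# app accepts that form).
[pscustomobject]@{
    StoreName     = 'Personal'
    StoreLocation = 'LocalMachine'
    SerialNumber  = $cert.SerialNumber.ToLowerInvariant()
    NotAfter      = $cert.NotAfter
}
```

Copy the printed SerialNumber into appsettings.json, then restart the Windows service as described above.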