
SSL/WSS Support for Geidea WEB ECR Integration
System Requirements Specifications

Date: 09/06/2020 | Version: 1.0.0-beta


SSL Support for WEB ECR

Document Info

Document Description

Document title: SSL/WSS Support for Geidea WEB ECR Integration

Document version: 1.0.0-beta

Document date: 09/06/2020

Document status: Development

Document author: Mohamed Abubucker

Prototypes author: Mohamed Abubucker

Versioning

Version | Date | Description of change made

1.0.0-beta | 09/06/2020 | Adding SSL Support for Geidea Web ECR Integration

Reviewing

Version | Date | Reviewed by

1.0.0-beta | 10/06/2020 | ZAKEER HUSSAIN MEERA


Table of Content

Document Info
1. Introduction
2. Creating Self signed SSL certificate
3. Using the Self signed SSL certificate with Geidea WEB ECR app


1. Introduction

Because the Geidea WEB ECR Integration app runs on localhost, we cannot get an SSL
certificate from a trusted CA. We have to use self-signed SSL certificates, which need
to be installed on every PC where you install the Geidea WEB ECR Integration
Windows service.

We include a sample self-signed SSL certificate in our build files for testing
purposes. When going to production, we suggest you deploy your own self-signed
certificate on each PC.

Here, we explain how to create and use self-signed SSL certificates with
the Geidea WEB ECR Integration app.

Whenever you access the Geidea WEB ECR Integration service without SSL from an existing
app/website that is already served over SSL/HTTPS, you will get a "Mixed content error"
at the browser level.

To learn more about the "Mixed content error", you can search for it on the internet.

To overcome this issue, we have to use a self-signed SSL certificate with the Geidea
WEB ECR Integration app, following the steps below.


2. Creating Self signed SSL certificate:

NOTE: For development, you can skip this and jump to "Using the Self signed SSL
certificate with Geidea WEB ECR app". This process is required only for production.

WARNING: Here, I have given the openssl command which I used in my Ubuntu
Linux terminal, and it worked perfectly. These commands may need some
modifications when you execute them on Windows. Kindly google any error you
face with the openssl command.
 
 
● As it's a self-signed certificate, there is no warranty or guarantee from Geidea on
this; you use it at your own risk. We issued you one localhost SSL
certificate with 5 years of validity. It is only for testing purposes.

● Please don't go to production with a Geidea certificate, as it has limitations.

● Geidea suggests that you create your own self-signed certificate for each PC
and don't reuse one self-signed certificate for all client PCs, for security
reasons, when you go to production.

● First you have to install openssl on your PC. On Windows, you can follow this:
https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-in-64-bit/

● Open PowerShell or a command prompt and run the command below.
 
 
 
openssl req -days 1825 -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost\nfriendlyName=localhost' -extensions EXT -config <( \
  printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
 
 
 
It will create 2 files, localhost.crt and localhost.key (certificate and private key),
with 5 years validity.
 


● Run the openssl command below to get the .pfx format.

openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt

It will ask you to enter and confirm a password. Kindly remember the
password, as it is required when adding the .pfx to the PC's local certificate store.
 
● Now, copy all 3 files into the AppSSL folder inside the app root directory and update
the appsettings.json file in the app root directory with the SSL file name and password
(by default the file name is localhost.pfx and the password is "geidea"), as below.

"ssl": {
"name": "localhost.pfx",
"password": "geidea",
...
...
...
},
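
The certificate and .pfx steps of section 2 as one script that also checks the result before the files are copied to AppSSL. This is an added example, not part of the original document or of Geidea's build files. It assumes the function names shown and a PFX_PASS environment variable for the .pfx password, and it writes the same OpenSSL settings to a config file so the bash-only <( ) construct is not needed.

```shell
#!/bin/sh
# Added example (not Geidea's code). Assumed names: make_localhost_cert,
# check_localhost_cert, cert_serial, and the PFX_PASS environment variable.

make_localhost_cert() {            # $1 = output directory
    out=$1
    [ -n "${PFX_PASS:-}" ] || { echo "set PFX_PASS first" >&2; return 1; }
    export PFX_PASS                # openssl reads it through env:PFX_PASS
    mkdir -p "$out" || return 1
    # Same settings as the page's command, in a file instead of bash-only <( ).
    cat > "$out/localhost.cnf" <<'EOF'
[dn]
CN=localhost
[req]
distinguished_name = dn
[EXT]
subjectAltName=DNS:localhost
keyUsage=digitalSignature
extendedKeyUsage=serverAuth
EOF
    (
        umask 077                  # key and PFX readable by the creating user only
        openssl req -days 1825 -x509 -newkey rsa:2048 -nodes -sha256 \
            -subj '/CN=localhost' -extensions EXT -config "$out/localhost.cnf" \
            -out "$out/localhost.crt" -keyout "$out/localhost.key" &&
        openssl pkcs12 -export -out "$out/localhost.pfx" \
            -inkey "$out/localhost.key" -in "$out/localhost.crt" \
            -passout env:PFX_PASS
    )
}

check_localhost_cert() {           # $1 = certificate; 0 only if usable for https://localhost
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q 'DNS:localhost' ||
        { echo "no subjectAltName DNS:localhost" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
        { echo "no serverAuth extended key usage" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
}

cert_serial() {                    # $1 = certificate; prints the serial in lowercase hex
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//' | tr 'A-F' 'a-f'
}
```

cert_serial prints the serial in the same lowercase hex form as the sample "SerialNumber" value in appsettings.json. Set a different PFX_PASS for each PC, for example with openssl rand -base64 24.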

3. Using the Self signed SSL certificate with Geidea WEB ECR app:

● In the app root directory, you can see the AppSSL folder, which contains
localhost.crt, localhost.key and localhost.pfx. These are provided by Geidea
for testing purposes. For production, you have to follow the steps above in
"2. Creating Self signed SSL certificate" to create your own self-signed
certificate.

● You have to add this localhost.pfx to the PC's certificate store by double
clicking it. It will ask for the certificate password which you set in the 4th step of
"Creating Self signed SSL certificate". For the testing certificate, the password is
"geidea".

● You have to store it in the Local Machine store location, under the Personal store
name.
 

 
 
● After that, set a friendlyName for that certificate in the certificate store for
easy access.

● Now, copy the localhost certificate from the Personal store and paste it into
Trusted Root Certification Authorities, so that the computer trusts the
certificate when you open/access the Geidea WEB ECR app from the
browser.

● Now, copy the serial number of the localhost certificate from the
certificate store and keep it for the next step.

● Now, go to the WEB ECR app directory, find the appsettings.json file and open it
in a text editor.

● Update the values below in the appsettings.json file.
 
 
"ssl": { 
... 
... 
"StoreName": "Personal", 
"StoreLocation": "LocalMachine", 
"SerialNumber":"28fd169c1ad8d0b4438cfc22013c51fa32eecde9" 
}, 
 
 
● You are almost done. Now restart the Windows service and open the app in the
browser using https://localhost:{httpsPort}. Check the appsettings.json file for
httpsPort:
 
 
"port": { 
"http": 5000, 
"https": 5001 
}, 
 
 
● You can change the port value as you want. Kindly make sure that the port is free
before using it for the WEB ECR app.

● If the https port is 443, you can open the app as https://localhost; there is no
need to append :443.

That's it. Your Geidea Web ECR app now supports SSL/WSS, and you can access
it from your app/website over the secure https protocol.
