Skip to main content

How do I update ConnectMaster WebAPI to use SSL (https)

Updated

In order to effectively utilize ConnectMaster WebAP with SSL (Secure Sockets Layer), it is essential to make a few specific adjustments to your setup. This process involves several steps that need to be followed carefully to ensure a smooth and secure connection. Below, you will find a detailed guide outlining these necessary steps to help you configure your system properly.

Modify the DDesign.WebAPI.exe.confg 

Stop WebAPI before you continue with the next steps

Set the following value as indicated in the example screenshot below.

  • Set the wsHttpBinding
  • Add "security" node + set the security mode as Transport
  • Update the base api address with https and desired port
  • Update the serviceMetadata for https: httpsGetEnabled
Start WebAPI again

 

Update the web.config

Info:

The following steps are needed to apply a certificate to WebAPI and a nominated port.

Note:
The webAPI needs a certificate that supports client authentication. If one is not already available, follow these steps to create one, otherwise continue outside the box.

  • Open cmd prompt as administrator. (OR: open PowerShell as administrator)
  • Run the command:
    New-SelfSignedCertificate -DnsName YourServerDnsName -CertStoreLocation cert:\LocalMachine\my

This creates a certificate in the “Personal” certificates on the computer. To retrieve the thumbprint of the certificate, it can be found in the Certificates management console (run certlmin cmd prompt to launch).

Update the web.config file in CMOnline to point to the https address for the webAPI, and security to the binding as per the image:

 

Assign the certificate to the port and application

  • Retrieve the certificate thumbprint for the “client authentication” capable certificate to be used.
  • Use App ID: {47a9682c-5d73-4483-ab60-0ead47c0e9bd} for the API.
  • In a command prompt as administrator launch command:
    netsh http add sslcert ipport=0.0.0.0:9000 certstorename=my certhash=certificatethumbprintvalue appid={47a9682c-5d73-4483-ab60-0ead47c0e9bd}

    where:
    certstorename= value can be altered as needed to point to the correct certificate store location
    certhash= value is set as the certificate thumbprint
    appid= value is set as above
    ipport= value is set to the webAPI port value to use for secure connection

Tip: 

If running in Power shell as administrator, first switch to netsh by typing netsh, then in the netsh console enter the commands from “http…”.

Some useful commands in netsh:

  • Show certificate assignments:
    netsh: http show sslcert
  • Delete assignments on a given port:
    netsh: http delete sslcert ipport=0.0.0.0:9000

Test WebAPI with SSL

After applying the changes to use SSL, it is necessary to validate API function and connectivity via WebAPI.

Related to

Related articles

Comments

0 comments

Please sign in to leave a comment.