HTTPS enabling

During installation you were asked to select the access protocol for the application as either HTTP or HTTPS. If you selected HTTPS then all communication between the browser and the application will be encrypted. Using HTTPS is recommended when installing InterFormNG2 as a server.

 

Please refer to the section Certificates for the limitations on certificate support in InterFormNG2.

 

When you access the web interface, you will initially receive a warning that the certificate is not trusted. This is because InterFormNG uses a self-signed certificate by default.

To get rid of the warning, you need to purchase a certificate from a trusted provider and then configure InterFormNG to use the purchased certificate. The certificate must be imported into a keystore before it can be used. You can use the existing one (keystore/interformng2.p12) or create a new one.

 

Once you have the certificate in a store, you need to edit a configuration file so that it points to the new certificate. The configuration file is <INSTALL-LOCATION>/application-default.properties. On the Windows platform the path is: C:\Program Files\InterFormNG2\application-default.properties

 

You need to modify the following configuration values:

 

server.ssl.key-store-type=PKCS12

server.ssl.key-store=keystore/interformng2.p12

server.ssl.key-store-password=password

server.ssl.key-alias=interform

trust.store=keystore/interformng2.p12

trust.store.password=password

 

Description:

 

server.ssl.key-store-type

The type of the store.

 

server.ssl.key-store

The path to the store file. If you place the file in a sub-directory of the install directory, then you can use a relative path.

If you specify the full path to the certificate file, then you need to write a double backslash (\\) wherever the path contains a backslash.

 

server.ssl.key-store-password

The password for the store.

 

server.ssl.key-alias

The alias for the certificate within the store. This must match the certificate alias. Some pfx files do not have an alias. If so, then you can comment this line out by preceding it with #. Please use the description further down this page to identify the alias for your certificate.

 

trust.store

Same as server.ssl.key-store

 

trust.store.password

The password for the store.

 

After modifying the properties file, you need to restart the InterFormNG2 service in order for the changes to take effect.

 

Important: Please notice the hint for the alias below.

 

 

Switch from HTTPS to HTTP

If you want to switch from HTTPS to HTTP, then you should change the file: <INSTALL-LOCATION>/application-default.properties found in the path described above.

 

You need to change this:

 

1) All lines in the configuration file that refer to server.* should be disabled (by preceding the line with #) or deleted.

2) The line jwt.secure.cookie=true should be changed to jwt.secure.cookie=false.

 

After the change you should restart the InterFormNG2 service.
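The following check is an added example, not InterFormNG2 code. It reads application-default.properties and reports the two mistakes these sections make possible: a full path written with single backslashes, and a protocol switch where the server.* lines and jwt.secure.cookie disagree. It assumes the file follows Java .properties escaping; the function names and the sample file are constructed for illustration.

```python
import re

# Assumption: Java .properties escaping. \\ -> \, \t \n \r \f -> control
# character, \uXXXX -> code point, a backslash before any other character is
# dropped. Line continuation and malformed \u sequences are not handled.
ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(value):
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        return ESCAPES.get(m.group(2), m.group(2))
    return re.sub(r"\\(?:u([0-9A-Fa-f]{4})|(.))", repl, value)

def load_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:  # skip comments
            key, value = line.split("=", 1)
            props[key.strip()] = unescape(value.strip())
    return props

def audit(props):
    findings = []
    https = any(k.startswith("server.") for k in props)  # step 1 of the switch
    secure = props.get("jwt.secure.cookie") == "true"    # step 2 of the switch
    if https and not secure:
        findings.append("server.* lines are active but jwt.secure.cookie is not true")
    if secure and not https:
        findings.append("server.* lines are disabled but jwt.secure.cookie is still true")
    store = props.get("server.ssl.key-store", "")
    if re.search(r"[\t\n\r\f]", store) or re.match(r"[A-Za-z]:[^\\/]", store):
        findings.append("key-store path lost its backslashes; write \\\\ for each \\")
    if props.get("server.ssl.key-store-password") == "password":
        findings.append("key-store password is the sample value shown on this page")
    return findings

# Constructed sample: a full Windows path written with single backslashes.
SAMPLE = r"""
server.ssl.key-store-type=PKCS12
server.ssl.key-store=C:\Program Files\InterFormNG2\keystore\new.p12
server.ssl.key-store-password=password
#server.ssl.key-alias=interform
jwt.secure.cookie=true
"""

if __name__ == "__main__":
    print(audit(load_properties(SAMPLE)))
```

With the sample above, the path is read as "C:Program FilesInterFormNG2keystore", a line break, then "ew.p12", because \P, \I and \k lose their backslash and \n becomes a newline.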

 

When you reconnect to InterFormNG2, you might initially need to run the browser in incognito mode, as the browser might have cached the connection as a secure connection only.

 

Here is how you can switch to incognito mode:

 

On your computer, open Chrome.

 

At the top right, click More

 

A new window appears. In the top corner, check for the Incognito icon:

 

You can also use a keyboard shortcut to open an Incognito window:

 

Windows, Linux, or Chrome OS: Press Ctrl + Shift + n.

Mac: Press ⌘ + Shift + n.

 

 

 

Identifying the alias

You can find the alias for the certificate by running this command in the directory where the certificate file is placed:

 

keytool -list -keystore myfile.pfx

 

Below we run this command to identify the alias of the interformng2.p12 certificate, which is shipped with InterFormNG2 - in this case we run it on the Windows platform.

 

So first we start the command prompt, change to the directory where the certificate is placed (in this case C:\Program Files\InterFormNG2\keystore) and then run the command as shown below. (You also need to type in the password for the certificate.)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

C:\Program Files\InterFormNG2\keystore>keytool -list -keystore interformng2.p12

Enter keystore password:

Keystore type: PKCS12

Keystore provider: SUN

 

Your keystore contains 1 entry

 

interform, Aug 30, 2019, PrivateKeyEntry,

Certificate fingerprint (SHA-256): 7D:DC:93:1F:6F:B4:F7:18:4C:4C:E1:F3:AF:40:66:9E:7A:1A:AC:12:60:F1:C9:F7:1A:C4:86:9A:DD:FD:F6:7A

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

You can see the alias as the characters written to the left of the comma (,) in the line after: "Your keystore contains 1 entry". So in the example above the alias is interform.
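The following parser is an added example, not part of InterFormNG2. It reads `keytool -list` output, extracts the alias the way described above, and compares it with the value configured in server.ssl.key-alias. It also reports when the store still holds the certificate shipped with the product, using the fingerprint from the listing on this page; the function names are chosen for illustration.

```python
import re

# SHA-256 fingerprint of the interformng2.p12 certificate shipped with
# InterFormNG2, copied from the keytool listing on this page.
SHIPPED_SHA256 = ("7D:DC:93:1F:6F:B4:F7:18:4C:4C:E1:F3:AF:40:66:9E:"
                  "7A:1A:AC:12:60:F1:C9:F7:1A:C4:86:9A:DD:FD:F6:7A")
ENTRY = re.compile(r"^([^,]+), .*, (\w+Entry),$")
FPRINT = re.compile(r"^Certificate fingerprint \(SHA-256\): ([0-9A-Fa-f:]+)$")

def parse_keytool_list(text):
    """Return one dict per keystore entry found in `keytool -list` output."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := ENTRY.match(line):
            # The alias is the text to the left of the first comma.
            entries.append({"alias": m[1], "type": m[2], "sha256": None})
        elif (m := FPRINT.match(line)) and entries:
            entries[-1]["sha256"] = m[1].upper()
    return entries

def check_store(entries, configured_alias=None):
    """configured_alias is the server.ssl.key-alias value, or None when that
    line is commented out in application-default.properties."""
    findings = []
    keys = [e for e in entries if e["type"] == "PrivateKeyEntry"]
    aliases = [e["alias"] for e in keys]
    if not keys:
        findings.append("store has no PrivateKeyEntry, so no key to serve HTTPS with")
    elif configured_alias is not None and configured_alias not in aliases:
        findings.append(f"alias {configured_alias!r} is not a private-key entry in the store")
    for e in keys:
        if e["sha256"] == SHIPPED_SHA256:
            findings.append(f"alias {e['alias']!r} is still the certificate shipped with the product")
    return findings

# The listing shown on this page (command line and password prompt omitted).
SAMPLE = f"""Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

interform, Aug 30, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): {SHIPPED_SHA256}
"""

if __name__ == "__main__":
    print(check_store(parse_keytool_list(SAMPLE), "interform"))
```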

 

 

 

Using a self-signed certificate

If you do not wish to purchase a certificate, then you should at a minimum replace the default certificate with a self-signed one that you create yourself. Since the default certificate is distributed with InterFormNG, anyone who has a copy would otherwise be able to decrypt your communication.

 

You can use the Java keytool to create a new keystore with a new self-signed certificate. To use the Java keytool you need to have Java installed.

 

keytool -genkeypair -alias interform -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore interformng2.p12 -validity 3650

 

Copy the generated file to <INSTALL-LOCATION>/keystore/interformng2.p12, overwriting the existing one. If you use these settings, then you do not need to modify anything in application-default.properties, however you do need to restart the InterFormNG service before it takes effect.
