Notes
HTTPs support in MyConnection Server (MCS) requires version MCS 10.1a or above
As a best practice this tutorial documents 4 steps to create the MCS certificate file using the Windows platform. The certificate file can be transferred and used with MCS on both Linux and Windows platforms.
We recommend performing these steps on Windows even if MCS is installed on Linux.
Passwords used throughout the process must match and only contain letters and numbers, no special characters.
Overview
The 4 steps to enabling HTTPs/SSL in MCS are as follows:
- Create a combined SSL certificate that was provided by a certificate authority for use with MCS.
- Convert the Certificate created in step 1 to an OpenSSL PKCS file.
- Convert the PKS file into a Java Key Store (.jks) file for use by MyConnection Server.
- Configure MCS to locate and use the .jks file.
Notes:
Passwords used throughout the process must match and only contain letters and numbers, no special characters.
Files created during the certificate build steps have been color coded for clarity of use.
Support. If you need help with the SSL certificate application process please email us.
Step 1: Create the combined certificate file
A valid SSL certificate provided by the issuing certificate authority is required for this step. The certificate must consist of 2 files, example yourdomain.com.crt and intermediateCA.crt.
NOTE: Some certificate providers will provide a .PEM file option, for example yourdomain.com.pem. If you have a .PEM file then skip to Step 2.
The two certificate (.crt) files need to be combined together to create a single file as follows:
- Create and name a folder on the Windows desktop or other suitable location.
- Place the two certificate files to be combined in the named folder.
- Open a Windows command prompt and navigate to the named folder directory
- Enter the command: type yourdomain.com.crt IntermediateCA.crt › certs.txt (see example below) to create the combined file.
- Leave the command window open for continued use in step 2 below
Step 2: Install and use OpenSSL to package the combined certificate file
Step 3: Create the Java compatible Key Store File (.JKS) to be used by MCS
This step requires the Oracle Java keytool utility.
- If not already installed download and install the Oracle Java JDK.
- Add the JDK bin directory path to the Windows PATH environment variable.
- Enter the command line keytool -importkeystore -srckeystore certs.pkcs12 -srcstoretype PKCS12 -destkeystore certs.jks -deststoretype JKS (See example below)
- When requested, enter a strong alphanumeric for the destination password (8 to 16 characters) and re-enter the same password for confirmation when prompted.
- When prompted for the keystore password enter the same password used when creating the certs.pkcs12 file in Step 2, item 5. If these do not match the certificate will be denied at run time.
- The Java certs.jks file should have been created for use in Step 4.
Step 4: Configure MCS so it can find the JKS file
- Navigate to the \MCS root directory\data\ directory on the system where MCS has been installed. The Key is valid to be used on Linux or Windows platforms.
- For first time implementation rename the example-https.ini file to https.ini.
- Copy the certs.jks file created in step 3 above to the \MCS root installation directory\data\ directory.
- Edit the https.ini file and (1) amend the SSLKeyStoreFileName setting to reference the certs.jks file name, and (2) amend the SSLPassword setting to reference the password that was enter in step 2 item 5.
- The certificate configuration process is now complete. MCS should be stopped and restarted to enable the SSL certificate. Once enabled, only HTTPs traffic will be authorized and any user login requests initiated over HTTP will be automatically redirected to HTTPS. Note, port 80 is still required for redirects and support of high performance MCS hardware and software satellites which will continue to be authorized to ensure test accuracy.