Enabling SSL for FlowForce Server


This topic deals with enabling SSL for the "FlowForce Server" service, that is, the service responsible for exposing Web services created with FlowForce to client machines. If you are looking to enable SSL between a browser and the FlowForce Web administration interface, see Enabling SSL for FlowForce Web Server.

Prerequisites:

You need a private key and its corresponding certificate signed by a certificate authority trusted by your browser (such as DigiCert, Comodo, and so on). You also need all the intermediary certificates provided by the certificate authority. For information about obtaining these, see Signing SSL Certificates with a Certificate Authority or Creating Self-Signed SSL Certificates.
If you created self-signed certificates, each client browser must be configured to trust your self-signed certificate authority (see Importing Root Certificates).

Once the prerequisites are met, you can secure the connection between a client machine and FlowForce Server as follows:

1. Open the FlowForce Server setup page (see Opening the Setup Page).
2. Find the settings grouped under "FlowForce Server" and do the following:

a. Select the Enabled check box under "SSL Encrypted Connection".
b. Next to "Bind address", select All interfaces (0.0.0.0), and enter the host name and port where FlowForce Server listens for SSL encrypted connections. Depending on the case, you can also select "other" and enter the IP address where FlowForce Server listens for SSL encrypted connections.

If you enter an IP address in the "other" field, this IP address must correspond to the SSL certificate's Common Name.

c. Enter the path to the certificate and private key file in their respective text boxes. The certificate must be in PEM format. The file extension of PEM files is usually .pem but it can also be .key, .cert, .cer, or .crt.
d. If applicable, enter the path to the intermediary certificate file (see Preparing Intermediary Certificates).
e. Optionally, clear the Enabled check box under "Unencrypted Connection". Note that this will make FlowForce Server unavailable through plain HTTP, so you should take this step only after the SSL encrypted connection works.

3. Click Apply settings and restart FlowForce services.

Note the following:

The browser (or connecting client) will still display warnings if the Common Name (CN) of the SSL certificate does not correspond to the domain name or IP address where FlowForce Server runs.
If you are using self-signed certificates, the browser (or connecting client) will still display warnings if you did not add your CA root certificate to the operating system's certificate store, or to the browser's certificate store (see Importing Root Certificates).
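
A pre-flight check for the files entered in steps c and d, as an added example that is not part of the Altova documentation: it confirms that each file is PEM rather than binary DER (which .cer and .crt files can also contain), that each holds the expected kind of block, and, through Python's ssl module, that the key pairs with the certificate. The function names are hypothetical, and accepting only unencrypted private key labels is an assumption.

```python
import base64
import re
import ssl

# PEM armor: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
# Assumption: the key file holds an unencrypted key under one of these labels.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_labels(data: bytes) -> list:
    """Return the label of each PEM block; raise ValueError if the data is not PEM."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        # A leading ASN.1 SEQUENCE byte (0x30) means binary DER, common for .cer/.crt.
        raise ValueError("binary DER, convert to PEM" if data[:1] == b"\x30"
                         else "no PEM block found")
    for label, body in blocks:
        der = base64.b64decode(b"".join(body.split()), validate=True)
        if der[:1] != b"\x30":
            raise ValueError("corrupt %s block" % label.decode())
    return [label.decode() for label, _ in blocks]


def preflight(cert: bytes, key: bytes, chain: bytes = b"") -> list:
    """Check the files from steps c and d; return a list of problems (empty = OK)."""
    problems = []
    checks = [("certificate", cert, {"CERTIFICATE"}), ("private key", key, KEY_LABELS)]
    if chain:  # the intermediate file is optional
        checks.append(("intermediate", chain, {"CERTIFICATE"}))
    for name, data, allowed in checks:
        try:
            bad = [l for l in pem_labels(data) if l not in allowed]
        except ValueError as exc:
            problems.append("%s: %s" % (name, exc))
            continue
        if bad:
            problems.append("%s: unexpected block %s" % (name, bad[0]))
    return problems


def key_matches(cert_path: str, key_path: str) -> bool:
    """True if OpenSSL (via the ssl module) accepts the key as the certificate's pair."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
        return True
    except ssl.SSLError:
        return False


def sample_pem(label: bytes, der: bytes) -> bytes:
    """Constructed sample input: PEM armor around placeholder bytes, not a real key."""
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, base64.b64encode(der), label)
```

Read the three files in binary mode and pass their contents to `preflight`; call `key_matches` with the two paths once the format check returns no problems.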

© 2019 Altova GmbH