HTTPS MobileWeb Connector Configuration

Prerequisites

All prerequisites must be met before the configuration can begin.

1. The MobileWeb connector must be configured and running with the settings that are going to be used in production, except that it is running HTTP instead of HTTPS.

To verify that it is running, query the MobileWeb connector endpoint with a browser.

For example: http://localhost:8034/rest/registerversion

Replace localhost:8034 with the actual values used in your installation. Note the port number, as it will be used again later in this guide.

The response from the MobileWeb connector to the HTTP request should be JSON containing RegisterVersionResult and information about license and version numbers.

2. PowerShell version must be 3 or newer.

To determine the PowerShell version, run the following command in a PowerShell prompt (as Administrator):

$PSVersionTable.PSVersion.Major

The output should be 3 or higher.

3. A valid certificate, with private key, must be installed in the Personal certificate store for the Local Computer account.

To list the installed certificates, run the following in PowerShell, as Administrator:

Get-ChildItem Cert:\LocalMachine\My

The certificate intended to be used with the MobileWeb connector must be shown in the output from the command.

To verify that you also have the private key for the certificate, attempt an export with certutil -exportPFX; it should output the message “Encryption test passed”.

Run the following in PowerShell (as Administrator):

certutil -exportPFX <thumbprint> foo.bar

Use the relevant thumbprint from the Get-ChildItem command before.

A password prompt should now appear. Press Ctrl+C to abort.

The certutil output should say “Encryption test passed” before the password prompt. If it does, the certificate is installed correctly, with its private key.

If the certutil output instead says “Cannot find the certificate and private key for decryption.”, you do not have the private key and cannot proceed with configuring the MobileWeb connector for secure communication (HTTPS) until this is fixed.

Gather Information

1. Get MobileWeb port number

(This step can be skipped if you already got the MobileWeb connector port number in the prerequisite check section.)

Start a PowerShell prompt as Administrator in the MobileWeb installation folder under the Totalview installation. It is often C:\Program Files (x86)\formula.fo\Totalview3\WCF\MobileWeb_XXX (where XXX is the MobileWeb connector name in Totalview Admin).

Run the following command:

Get-Content Totalview3WCF.exe.config | Select-String "add baseAddress" | Select-Object -First 1

This should output the MobileWeb connector endpoint and the port number that it is running on.

2. Assign MobileWeb connector port number to PowerShell variable

Store the port number from the previous command in a PowerShell variable by running the following command (run as Administrator):

$mobilewebport = <port number>

Replace <port number> with the port number output by the PowerShell command in the previous step.

Example:

$mobilewebport = 8034

Verify that the port number was saved by running the following command:

echo $mobilewebport

It should output the port number to the console.

Use this same PowerShell session for the remainder of this guide.

3. Get certificate thumbprint

Take the thumbprint of the certificate that passed step 3 of the prerequisite check. Assign it to a PowerShell variable the same way as you did with the mobilewebport variable:

$thumbprint = '<thumbprint>'

Example:

$thumbprint = '6042aef35be8da8a454d0288cf57f6e8'

Verify that the thumbprint was saved by running the following command:

echo $thumbprint

It should echo the thumbprint value in the console.

Use this same PowerShell session for the remainder of this guide.
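
The following pre-flight check is an added example, not part of the original guide or of Totalview. It inspects the certificate referenced by $thumbprint for an associated private key, its validity period and the Server Authentication usage; the function name Test-MobileWebCertificate and parameter name CertHash are hypothetical.

```powershell
# Added example: pre-flight check of the certificate referenced by $thumbprint.
# Test-MobileWebCertificate is a hypothetical helper name, not part of Totalview.
function Test-MobileWebCertificate {
    param([string]$CertHash = $thumbprint)

    # Thumbprints copied from the certificate GUI often carry spaces or
    # invisible characters; keep only the hex digits.
    $clean = ($CertHash -replace '[^0-9a-fA-F]', '').ToUpper()

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        return "FAIL: no certificate with thumbprint '$clean' in Cert:\LocalMachine\My"
    }

    $issues = @()

    # HasPrivateKey only says a key is associated with the certificate; the
    # certutil test in prerequisite 3 still proves the key is usable.
    if (-not $cert.HasPrivateKey) { $issues += 'no private key associated' }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $issues += "not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
    }

    # If an Enhanced Key Usage extension is present it must allow
    # Server Authentication (OID 1.3.6.1.5.5.7.3.1).
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains '1.3.6.1.5.5.7.3.1') {
            $issues += 'EKU does not include Server Authentication'
        }
    }

    if ($issues.Count -gt 0) { return "FAIL: $($cert.Subject): " + ($issues -join '; ') }
    "OK: $($cert.Subject), expires $($cert.NotAfter)"
}

Test-MobileWebCertificate
```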

Making the switch to HTTPS

MobileWeb Configuration

Method 1: Manual Edit

Stop the MobileWeb connector from the Totalview Admin console.

From Totalview Admin, select the MobileWeb connector in Connectors-Overview and press Install/Update.

Open Totalview3WCF.exe.config in a text editor and follow the instructions described there.

Method 2: Script

Stop the MobileWeb connector from the Totalview Admin console.

From Totalview Admin, select the MobileWeb connector in Connectors-Overview and press Install/Update.

Use the same PowerShell session as in the previous sections. Make sure your current directory is the MobileWeb connector folder.

Execute the following two commands to apply the configuration changes to the MobileWeb connector configuration file:

$qm = [string]([char]34)

(Get-Content Totalview3WCF.exe.config).Replace("baseAddress=$($qm)http://", "baseAddress=$($qm)https://").Replace("bindingConfiguration=$($qm)basicHttpWithoutTls$($qm)", "bindingConfiguration=$($qm)basicHttpWithTls$($qm)").Replace("bindingConfiguration=$($qm)webHttpWithoutTls$($qm)", "bindingConfiguration=$($qm)webHttpWithTls$($qm)").Replace('httpGetEnabled', 'httpsGetEnabled').Replace('mexHttpBinding', 'mexHttpsBinding') | Set-Content Totalview3WCF.exe.config

There is no output.

Verification

To verify that the configuration has been updated, sample the baseAddress attribute. The protocol should now be https instead of http:

Get-Content Totalview3WCF.exe.config | Select-String "add baseAddress" | Select-Object -First 1

Windows OS Configuration

Run the following command to assign the certificate to the port where the MobileWeb connector is running:

netsh http add sslcert ipport="0.0.0.0:$mobilewebport" certhash="$thumbprint" appid="{bfc1c581-4403-4fcf-b527-5312d1511822}"

If you get the error “Cannot create a file when that file already exists.”, you need to remove the existing sslcert configuration for the same port. Running the following command, and then rerunning the previous netsh http add sslcert command, should fix the issue:

netsh http del sslcert ipport="0.0.0.0:$mobilewebport"

Now start the MobileWeb connector again.

Verification

Verify in Totalview Admin that the MobileWeb connector is running.

Open https://localhost:8034/rest/registerversion (replace localhost:8034 with the actual values used in your installation) in a browser.

The request should succeed, and the browser should report that the communication is secure and the certificate is valid.

HTTPS configuration is now complete. Congratulations!

Post Script

Beware that upgrading the MobileWeb connector using the Install/Update functionality in Totalview Admin changes all values in Totalview3WCF.exe.config back to be HTTP compatible. To support HTTPS again, the connector must be reconfigured by following the steps described in the Making the switch to HTTPS section.
Alternatively, the configuration file (Totalview3WCF.exe.config) can be backed up before Install/Update and then restored afterwards.
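
Because Install/Update silently reverts the file to HTTP, a repeatable check is useful after every upgrade. The following is an added example, not part of the original guide or of Totalview: it looks for the HTTP-only tokens that the script method rewrites, confirms the netsh binding references $thumbprint, and backs up the file only when the check passes. The function name Test-MobileWebHttps and the backup file name are assumptions.

```powershell
# Added example: detect a connector that has fallen back to HTTP.
# Test-MobileWebHttps is a hypothetical helper name, not part of Totalview.
# Run from the MobileWeb connector folder, in the session that holds
# $mobilewebport and $thumbprint.
function Test-MobileWebHttps {
    param(
        [string]$ConfigPath = 'Totalview3WCF.exe.config',
        [int]$Port = $mobilewebport,
        [string]$CertHash = $thumbprint
    )
    $problems = @()

    # 1. Every token that the guide's Replace() calls rewrite must be gone.
    #    Matches anywhere in the file count, including inside XML comments.
    $httpOnly = @(
        'baseAddress="http://',
        'bindingConfiguration="basicHttpWithoutTls"',
        'bindingConfiguration="webHttpWithoutTls"',
        'httpGetEnabled',
        'mexHttpBinding'
    )
    $hits = Select-String -Path $ConfigPath -Pattern $httpOnly -SimpleMatch
    foreach ($hit in $hits) {
        $problems += "config line $($hit.LineNumber): $($hit.Line.Trim())"
    }

    # 2. The HTTP.sys binding for the port must reference the expected
    #    certificate. Searching for the hash avoids parsing localized labels.
    $binding = (& netsh http show sslcert "ipport=0.0.0.0:$Port") -join "`n"
    if (-not $CertHash -or $binding -notmatch [regex]::Escape($CertHash)) {
        $problems += "no sslcert binding for 0.0.0.0:$Port with hash $CertHash"
    }

    if ($problems.Count -eq 0) { return "OK: HTTPS configuration intact on port $Port" }
    $problems
}

$result = Test-MobileWebHttps
$result

# Back up only a known-good HTTPS configuration (backup name is an assumption),
# so a reverted file never overwrites the copy kept for restoring after upgrade.
if ($result -like 'OK:*') {
    Copy-Item Totalview3WCF.exe.config Totalview3WCF.exe.config.https.bak -Force
}
```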
