HTTPS MobileWeb Connector Configuration

Prerequisites

All prerequisites must be met before the configuration can begin.

1. The MobileWeb connector must be configured and running with the settings that will be used in production, except that it is running over HTTP instead of HTTPS.

To verify that it is running, query the MobileWeb connector endpoint with a browser.

For example, http://localhost:8034/rest/registerversion.

Replace localhost:8034 with the actual values used in your installation. Note the port number, as it will be used again later in this guide.

The response from the MobileWeb connector to the HTTP request should be a JSON document containing RegisterVersionResult and information about license and version numbers.

2. PowerShell version must be 3 or newer.

To determine the PowerShell version, run the following command in a PowerShell prompt (as Administrator):

$PSVersionTable.PSVersion.Major

The output should be 3 or higher.

3. A valid certificate, with its private key, must be installed in the Personal certificate store of the Local Computer account.

To list the installed certificates, run the following in PowerShell as Administrator:

Get-ChildItem Cert:\LocalMachine\My

The certificate intended to be used with the MobileWeb connector must be shown in the output from the command.

To verify that you also have the private key for the certificate, run an export with certutil -exportPFX; it should output the message “Encryption test passed”.

Run the following in PowerShell (as Administrator):

certutil -exportPFX <thumbprint> foo.bar

Use the relevant thumbprint from the output of the earlier Get-ChildItem command.

A prompt for a password should now appear. Press Ctrl+C to abort.

The output of the certutil command should say “Encryption test passed” before the password prompt. If so, the certificate is installed correctly, with its private key.

If the output of the certutil command instead says “Cannot find the certificate and private key for decryption.”, then you don’t have the private key and cannot proceed with configuring the MobileWeb connector for secure communication (HTTPS) until this is fixed.

Gather Information

1. Get MobileWeb port number

(This step can be skipped if you already got the MobileWeb connector port number in the prerequisite check section.)

Start a PowerShell prompt as Administrator in the MobileWeb installation folder under the Totalview installation. It is often C:\Program Files (x86)\formula.fo\Totalview3\WCF\MobileWeb_XXX (where XXX is the MobileWeb connector name in Totalview Admin).

Run the following command:

Get-Content Totalview3WCF.exe.config | Select-String "add baseAddress" | Select-Object -First 1

This should output the MobileWeb connector endpoint and the port number that it is running on.

2. Assign MobileWeb connector port number to PowerShell variable

Store the port number from the previous command in a PowerShell variable by running the following command (run as Administrator):

$mobilewebport = <port number>

Replace <port number> with the port number output by the PowerShell command in the previous step.

Example:

$mobilewebport = 8034

Verify that the port number was saved by running the following command:

echo $mobilewebport

It should output the port number to the console.

Use this same PowerShell session for the remainder of this guide.

3. Get certificate thumbprint

Take the thumbprint of the certificate that passed step 3 of the prerequisite check. Assign it to a PowerShell variable the same way as you did with the mobilewebport variable:

$thumbprint = "<thumbprint>"

Example:

$thumbprint = "6042aef35be8da8a454d0288cf57f6e8"

Verify that the thumbprint was saved by running the following command:

echo $thumbprint

It should echo the thumbprint value in the console.

Use this same PowerShell session for the remainder of this guide.

Making the switch to HTTPS

MobileWeb Configuration

Method 1: Manual Edit

Stop the MobileWeb connector from the Totalview Admin console.

From Totalview Admin, select the MobileWeb connector in Connectors-Overview and press Install/Update.

Open Totalview3WCF.exe.config in a text editor and follow the instructions described there.

Method 2: Script

Stop the MobileWeb connector from the Totalview Admin console.

From Totalview Admin, select the MobileWeb connector in Connectors-Overview and press Install/Update.

Use the same PowerShell session as in the previous sections. Make sure your current directory is the MobileWeb connector folder.

Execute the following two commands to make the configuration changes to the MobileWeb connector configuration file:

$qm = [string]([char]34)

(Get-Content Totalview3WCF.exe.config).Replace("baseAddress=$($qm)http://", "baseAddress=$($qm)https://").Replace("bindingConfiguration=$($qm)basicHttpWithoutTls$($qm)", "bindingConfiguration=$($qm)basicHttpWithTls$($qm)").Replace("bindingConfiguration=$($qm)webHttpWithoutTls$($qm)", "bindingConfiguration=$($qm)webHttpWithTls$($qm)").Replace('httpGetEnabled', 'httpsGetEnabled').Replace('mexHttpBinding', 'mexHttpsBinding') | Set-Content Totalview3WCF.exe.config

There is no output.

Verification

To verify that the configuration has been updated, sample the baseAddress attribute. The protocol should now be https instead of http:

Get-Content Totalview3WCF.exe.config | Select-String "add baseAddress" | Select-Object -First 1

Windows OS Configuration

Run the following command to assign the certificate to the port where the MobileWeb connector is running:

netsh http add sslcert ipport="0.0.0.0:$mobilewebport" certhash="$thumbprint" appid="{bfc1c581-4403-4fcf-b527-5312d1511822}"

If you get the error “Cannot create a file when that file already exists.”, you need to remove the existing sslcert configuration for the same port. Running the following command and then rerunning the previous netsh http add sslcert command should fix the issue:

netsh http del sslcert ipport="0.0.0.0:$mobilewebport"

Now start the MobileWeb connector again.

Verification

Verify in Totalview Admin that the MobileWeb connector is running.

Open https://localhost:8034/rest/registerversion (replace localhost:8034 with the actual values used in your installation) in a browser.

The request should succeed, and the browser should report that the communication is secure and the certificate is valid.

HTTPS configuration is now complete. Congratulations!

Post Script

Beware that upgrading the MobileWeb connector with the Install/Update functionality in Totalview Admin changes all values in Totalview3WCF.exe.config back to be HTTP compatible. To support HTTPS again, the connector must be reconfigured by following the steps described in the Making the switch to HTTPS section.
Alternatively, the configuration file (Totalview3WCF.exe.config) can be backed up before Install/Update and then restored afterwards.
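
The checks from the prerequisite and Verification sections can be combined into one function and rerun after every Install/Update to catch a configuration that has reverted to HTTP. This is an added example, not part of the Totalview product or its documentation; the function name Test-MobileWebHttps and its parameter names are hypothetical, and it assumes the $mobilewebport and $thumbprint variables set earlier in this guide.

```powershell
# Added example, not Totalview code. Run as Administrator from the MobileWeb
# connector folder, in the session where $mobilewebport and $thumbprint are set.
function Test-MobileWebHttps {   # hypothetical name
    param(
        [string]$ConfigPath = '.\Totalview3WCF.exe.config',
        [int]$Port          = $mobilewebport,
        [string]$CertHash   = $thumbprint
    )
    $CertHash = $CertHash -replace '\s', ''   # tolerate spaces copied from the certificate UI
    $findings = @()

    # 1. The exact HTTP-only strings that the Method 2 script replaces.
    $httpOnly = 'baseAddress="http://',
                'bindingConfiguration="basicHttpWithoutTls"',
                'bindingConfiguration="webHttpWithoutTls"',
                'httpGetEnabled',
                'mexHttpBinding'
    foreach ($marker in $httpOnly) {
        $hits = @(Select-String -Path $ConfigPath -SimpleMatch -Pattern $marker)
        if ($hits.Count -gt 0) {
            $lines = ($hits | ForEach-Object { $_.LineNumber }) -join ', '
            $findings += "config still contains '$marker' (line $lines)"
        }
    }

    # 2. The certificate bound to the port must be the intended one. Only the hash is
    #    matched, because the labels in netsh output depend on the OS language.
    $binding = netsh http show sslcert "ipport=0.0.0.0:$Port" | Out-String
    if ($binding -notmatch [regex]::Escape($CertHash)) {
        $findings += "no sslcert binding with hash $CertHash on 0.0.0.0:$Port"
    }

    # 3. The certificate must be in LocalMachine\My, have a private key, and be in date.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $CertHash }
    if (-not $cert) {
        $findings += "certificate $CertHash not found in Cert:\LocalMachine\My"
    } else {
        $now = Get-Date
        if (-not $cert.HasPrivateKey) { $findings += 'certificate has no private key' }
        if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
            $findings += "certificate is outside its validity period (NotAfter $($cert.NotAfter))"
        }
    }

    if ($findings.Count -eq 0) { 'PASS' } else { $findings | ForEach-Object { "FAIL: $_" } }
}

Test-MobileWebHttps
```

The function prints PASS when nothing is wrong, otherwise one FAIL line per problem found. HasPrivateKey only shows that a key is associated with the certificate; the certutil -exportPFX test in the prerequisites remains the check that the key is actually usable.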