Prev | Next |
Using HTTPS (SSL)
In order for the Pro Cloud Server to use an HTTPS (SSL) Port a valid SSL certificate is required. Having obtained a valid certificate, the certificate file and your private key file need to be concatenated to create a server.pem file. The server.pem file must then be added to the Pro Cloud Server installation's 'Service' folder (e.g. C:\Program Files (x86)\Sparx Systems\Pro Cloud Server\Service).
Note on SSO (Windows Authentication and OpenID)
By default, the HTTPS port has 'Model authentication' enabled. When connecting using SSO authentication (either Windows Active Directory Domain authentication or OpenID) this means that the user is authenticated by the Pro Cloud Server, and not by the Enterprise Architect client.
For this to work the Pro Cloud Server service must have access to the authentication provider;
- Windows Authentication: the service must have access and permissions to the Domain Controller. By default the service runs as Local System, which will inherit the permissions of the logged in user. If the logged in user is a Domain member then it will have access by default, but in more restrictive domain environments it may be necessary to configure the service to run as a Domain Member and not as Local System
- OpenID: For OpenID to work it needs internet access to the OpenID provider's URLs used for authentication. If there is a proxy connection then this needs to be set for account the runs the Pro Cloud Server service. By default this is Local System - so setting the proxy through Internet Options is not sufficient and needs to be set on an elevated command line using commands such as: netsh winhttp set proxy 10.0.0.1:8080
Configuring the Pro Cloud Server to use HTTPS
Step |
Description |
See also |
---|---|---|
1 |
Obtain a signed SSL certificate. For the Pro Cloud Server you will require the certificate file and your private key file (both should be base64 encoded). Note, this is the same process used when obtaining an SSL certificate for a website that uses HTTPS. There are many ways to achieve this, and the specific details are beyond the scope of this documentation. In general, it is preferred to use a certificate that has been signed by a globally trusted root Certificate Authority (CA). Some certificate authorities provide a service of signing SSL certificates for a fee; there are also free options available such as 'Let's Encrypt'. In some cases (e.g. for testing purposes, or for setups that are entirely within a closed network) you might consider using a self-signed certificate, or create your own Certificate Authority and use this to sign your certificate/s. See the Self-Signed SSL Certificates and Using Your Own Certificate Authority (CA) Help topics for details. |
Self-Signed SSL Certificates Using Your Own Certificate Authority (CA) |
2 |
Create a server.pem file by concatenating your private key file and certificate file . For example, use this command: Windows: copy /b cloud.mycompany.com.key+cloud.mycompany.com.crt server.pem Linux: cat cloud.mycompany.com.key cloud.mycompany.com.crt > server.pem |
|
3 |
Copy the server.pem to the Pro Cloud Server installation's 'Service' folder (e.g. C:\Program Files (x86)\Sparx Systems\Pro Cloud Server\Service). |
|
4 |
If you have not already, configure a Pro Cloud Server Port that has the protocol set to HTTPS (for a new installation Port 805 is set to use HTTPS by default). See the Add a Port Definition Help topic for details. |
Add a Port Definition |
5 |
Restart the Pro Cloud Server service. |
|
6 |
Check the Pro Cloud Server log file (e.g. C:\Program Files (x86)\Sparx Systems\Pro Cloud Server\Service\Logs\SSProCloudServerLog-1.log) and confirm that the Port opened successfully. For example: 2022-01-01 15:00:03 [INFO]: Thread X SUCCESS Bound and listening on soap Port 805 (https) |