Setting up HTTPS
YSoft SafeQ Job Service and YSoft SafeQ Client v3 in Spooler mode can be configured to communicate over HTTPS.
Setting up YSoft SafeQ Job Service
There are three ways to set up YSoft SafeQ Job Service to use HTTPS. You can either:
Run the install script without providing a certificate, which will generate a self-signed certificate and use that. This self-signed certificate is automatically imported into the certificate store.
Provide a PKCS #12 certificate with a private key (.pfx file) during installation.
Install YSoft SafeQ Job Service without providing a certificate and later configure it to use a certificate from the certificate store.
Using self-signed certificate created automatically during installation
To install YSoft SafeQ Job Service with a self-signed certificate that is generated during installation, omit HttpsCertificatePath and HttpsCertificatePassword when running the install script. For example:
.\install.ps1 `
    -SpocAddress SPOC_IP `
    -NrgAddresses SITE_SERVER_1,SITE_SERVER_2,SITE_SERVER_3 `
    -SigningCertificatePath "PATH_TO_SIGNING_CERTIFICATE" `
    -SigningCertificatePassword SIGNING_CERTIFICATE_PASSWORD
Providing a PKCS #12 (.pfx file) during installation
To supply your own certificate, pass the path to the .pfx file in HttpsCertificatePath and its password in HttpsCertificatePassword.
.\install.ps1 `
    -SpocAddress SPOC_IP `
    -NrgAddresses SITE_SERVER_1,SITE_SERVER_2,SITE_SERVER_3 `
    -SigningCertificatePath "PATH_TO_SIGNING_CERTIFICATE" `
    -SigningCertificatePassword SIGNING_CERTIFICATE_PASSWORD `
    -HttpsCertificatePath "PATH_TO_SSL_TLS_CERTIFICATE" `
    -HttpsCertificatePassword SSL_TLS_CERTIFICATE_PASSWORD
Configuring YSoft SafeQ Job Service to use a certificate from the certificate store
Once you install YSoft SafeQ Job Service, it will either generate a self-signed certificate or use the one provided during installation and import it to the certificate store. If you want to reconfigure this certificate, you can do so by changing the HttpServerOptions:CertificateOptions section (see below) in the configuration file of the YSoft SafeQ Job Service (configuration/local.json).
{
  ...
  "HttpServerOptions": {
    "CertificateOptions": {
      "Thumbprint": "CERTIFICATE THUMBPRINT",
      "StoreName": "CERTIFICATE STORE NAME: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople or TrustedPublisher",
      "StoreLocation": "CERTIFICATE STORE LOCATION: CurrentUser or LocalMachine"
    }
  }
  ...
}
Setting up YSoft SafeQ Client v3 in Server mode
There are two ways to set up YSoft SafeQ Client v3 in Server mode to use HTTPS. You can either provide a certificate during installation or reconfigure the certificate after installation.
Providing a certificate configuration during installation
You can provide the certificate location during installation by using HttpsCertificateStoreLocation, HttpsCertificateStoreName, HttpsCertificateThumbprint. See below.
.\install.ps1 `
    -SiteServerHosts "localhost" `
    -SpoolerMode "Server" `
    -HttpsCertificateStoreLocation "LocalMachine" `
    -HttpsCertificateStoreName "My" `
    -HttpsCertificateThumbprint "2E69C921F3F417C176A299F1CC9A163FC925C019"
Configuring YSoft SafeQ Client v3 in Spooler mode to use a certificate from the certificate store after it was already installed
If you want to reconfigure YSoft SafeQ Client v3 in Spooler mode to use a different certificate than the one provided during installation, you can do so by changing the HttpServerOptions:CertificateOptions section (see below) in the configuration file of the YSoft SafeQ Client v3 in Spooler mode (versions/latest/configuration/local.json).
{
  ...
  "HttpServerOptions": {
    "CertificateOptions": {
      "Thumbprint": "CERTIFICATE THUMBPRINT",
      "StoreName": "CERTIFICATE STORE NAME: AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople or TrustedPublisher",
      "StoreLocation": "CERTIFICATE STORE LOCATION: CurrentUser or LocalMachine"
    }
  }
  ...
}
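A pre-check to run before putting a thumbprint into CertificateOptions or passing it as HttpsCertificateThumbprint, added here as an example that is not part of the vendor documentation: it looks the certificate up in the chosen store, confirms it has a private key, is within its validity period and permits Server Authentication, then prints the CertificateOptions section. The function name Test-HttpsCertificate is hypothetical, and the sample call reuses the thumbprint from the install example above.

```powershell
# Added example; Test-HttpsCertificate is a hypothetical helper, not part of the product.
function Test-HttpsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [System.Security.Cryptography.X509Certificates.StoreName] $StoreName = 'My',
        [System.Security.Cryptography.X509Certificates.StoreLocation] $StoreLocation = 'LocalMachine'
    )

    # Thumbprints copied from the certificate dialog can carry spaces or an
    # invisible Unicode mark, so keep the hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) { throw "Expected 40 hex digits, got $($clean.Length)." }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    $store.Open('ReadOnly')
    try {
        # validOnly = $false: return the certificate even if expired, so the reason can be reported.
        $found = $store.Certificates.Find('FindByThumbprint', $clean, $false)
        if ($found.Count -eq 0) { throw "No certificate $clean in $StoreLocation\$StoreName." }
        $cert = $found[0]
    } finally { $store.Close() }

    $problems = @()
    $now = Get-Date
    if (-not $cert.HasPrivateKey) { $problems += 'no private key in the store (an HTTPS server needs one)' }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    # If an Enhanced Key Usage extension is present, it must allow Server Authentication.
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains '1.3.6.1.5.5.7.3.1')) {
        $problems += 'Enhanced Key Usage does not include Server Authentication'
    }
    if ($problems) { throw "Certificate $clean is not usable: $($problems -join '; ')" }

    # Emit the section to merge into configuration/local.json.
    @{ HttpServerOptions = @{ CertificateOptions = [ordered]@{
        Thumbprint = $clean; StoreName = "$StoreName"; StoreLocation = "$StoreLocation" } } } |
        ConvertTo-Json -Depth 4
}

# Constructed sample call: the page's example thumbprint, pasted with spaces.
Test-HttpsCertificate -Thumbprint '2E 69 C9 21 F3 F4 17 C1 76 A2 99 F1 CC 9A 16 3F C9 25 C0 19'
```

The call throws with the reason when the certificate is missing or unsuitable, so a bad thumbprint is caught before the service is restarted with it.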