Set up HTTPS - j5 - 28.0 - Installation & Upgrade - Hexagon PPM

j5 Installation and Upgrade

Language
English (United States)
Product
j5
Search by Category
Installation & Upgrade
j5 Version
2019

For a production instance of j5, we recommended that HTTPS (SSL) is configured. HTTPS provides encryption of the communications between the users’ browsers and the j5 server, which is important for security and confidentiality.

A command-line utility is provided with j5 that imports an SSL certificate and private key and configures the j5 Load Balancer to use them. The utility can import any one of the following formats:

  • PKCS#12/PFX: Imports a .pfx or .p12 file

    From Framework 2019 28.0.48231, all of the certificates in this file are imported. This is important for j5 Mobile to work.

  • PKCS#7: Imports a certificate and key in separate files (.p7b and .key)

  • PEM Standard: Imports a .pem file containing the certificate and key

  • PEM Standard: Imports a certificate and key in separate files (.crt and .key)

For example, to set up HTTPS from a PFX file:

  1. Download or export the j5 server’s signed certificate and private key in PFX format.

  2. Start a Command Prompt as Administrator.

  3. Run:

    "C:\Program Files (x86)\j5\framework\bin\KeyManager.exe" import-https-certificate <pfxfile.pfx>

  4. If prompted, enter the Import Password.

  5. You should see the following output:

    HTTPS File Status:

    Certificate: Present (Required)

    Private Key: Present (Required)

    Certificate Hostname: example-server

  6. Run the j5 Setup Wizard from the Windows Start menu and complete the wizard. j5 Setup automatically verifies your certificate chain.

  7. When the j5 Setup Wizard is complete, you can connect to j5 using HTTPS.

It is also possible to import a certificate and key from PEM format files. For additional information, run:

"C:\Program Files (x86)\j5\framework\bin\KeyManager.exe" -h

The following HTTPS related configuration points are available under the Ports node in the j5 System Management Console:

  • j5 HTTPS Port: Defaults to 443. This is the port that users should connect to after HTTPS is set up. If this is changed, j5 Mobile running on Windows 10 devices will not be able to connect.

  • HTTPS Certificate: The location of the imported HTTPS Certificate file. This is set automatically by the KeyManager tool, and should not be manually adjusted.

  • HTTPS Private Key: The location of the imported HTTPS Private Key file. This is set automatically by the KeyManager tool, and should not be manually adjusted.

  • Force enable HTTP: Defaults to False. To enable both HTTP and HTTPS, set this option to True. This is not recommended if HTTPS has been set up, but may be required for compatibility with existing systems, for example, SOAP Web Service interfaces.