Configure HTTPS - j5 - 30 - Installation & Upgrade - Hexagon

j5 Installation and Upgrade
Language
English
Product
j5
Search by Category
Installation & Upgrade
j5 Version
30

For a production instance of j5, we recommend that HTTPS (SSL) is configured. HTTPS provides encryption of the communications between the users’ browsers and the j5 server, which is important for security and confidentiality.

Set up HTTPS

The command-line utility provided with j5 imports an SSL certificate and private key, and configures the j5 Load Balancer to use them. The utility can import any one of the following formats:

  • PKCS#12/PFX: Imports a .pfx or .p12 file

    All of the certificates in this file are imported. This is important for j5 Mobile to work.

  • PKCS#7: Imports a certificate and key in separate files (.p7b and .key)

  • PEM Standard: Imports a .pem file containing the certificate and key

  • PEM Standard: Imports a certificate and key in separate files (.crt and .key)

The certificate should contain the relevant canonical server name and when applicable, the relevant server aliases for your j5 system. For more information, refer to j5 Load Balancer setup.

In this example, a PFX file has been used:

  1. Download or export the j5 server’s signed certificate and private key in the PFX format.

  2. Run Command Prompt as administrator.

  3. Run "C:\Program Files\j5\framework\bin\KeyManager.exe" import-https-certificate <pfxfile.pfx>. If prompted, enter the Import Password.

    The following output appears:

    HTTPS File Status:

    Certificate: Present (Required)

    Private Key: Present (Required)

    Certificate Hostname: example-server

  4. Run the j5 Setup Wizard from your Windows Start menu.

  5. Complete the j5 Setup Wizard. j5 Setup automatically verifies your certificate chain. When this is complete, you can connect to j5 using HTTPS.

For additional information, run: "C:\Program Files\j5\framework\bin\KeyManager.exe" -h

HTTPS configuration points in the j5 System Management Console

Under the Ports node:

  • j5 HTTPS Port: Defaults to 443. This is the port that users should connect to after HTTPS is set up. If this is changed, j5 Mobile running on Windows 10 devices will not be able to connect.

  • HTTPS Certificate: The location of the imported HTTPS Certificate file. This is set automatically by the KeyManager tool, and should not be manually adjusted.

  • HTTPS Private Key: The location of the imported HTTPS Private Key file. This is set automatically by the KeyManager tool, and should not be manually adjusted.

  • Force enable HTTP: Defaults to False. To enable both HTTP and HTTPS, set this option to True. This is not recommended if HTTPS has been set up, but may be required for compatibility with existing systems, for example, SOAP Web Service interfaces.