Configure the server connection - j5 - 30 - Installation & Upgrade - Hexagon

j5 Mobile Installation
ft:locale
en-US
Product
j5
Search by Category
Installation & Upgrade
j5 Version
30

j5 Mobile requires the j5 server to use HTTPS.

For more information, see Configure HTTPS

For a production instance of j5, we recommend that HTTPS (SSL) is configured.

HTTPS provides encryption of the communications between your browsers and the j5 server, which is important for security and confidentiality.

Set up HTTPS

The command-line utility provided with j5 imports an SSL certificate and private key, and configures the j5 Load Balancer to use them.

The utility can import the following file formats:

  • PKCS#12/PFX: Imports a .pfx or .p12 file

    All the certificates in this file are imported. This is important for j5 Mobile to work.

  • PKCS#7: Imports a certificate and key in separate files (.p7b and .key)

  • PEM Standard: Imports a .pem file containing the certificate and key

  • PEM Standard: Imports a certificate and key in separate files (.crt and .key)

  • The SSL certificate must contain the canonical server name and (when applicable) the server aliases for your j5 system.

    For more information, see j5 Load Balancer setup.

    Canonical Server Name

    The canonical server name is the hostname j5 uses to create fully qualified URLs for j5 pages (for example, it is used in PDF reports that are emailed to users).

    This defaults to the server name. It should be set to the fully qualified DNS name (for example, j5.mycompany.com).

    • The canonical server name is configured on the j5 Load Balancer Setup page and can be manually changed under the Ports node in the j5 System Management Console.

    • If you are using HTTPS (as described in Configure HTTPS), the SSL certificate should be valid for the canonical server name configured.

    Server Aliases (space-separated)

    The canonical server name is the main name users can use to access j5.

    • If you want to access j5 with one name only (the canonical server name), leave this field blank.

    • If you want to access j5 with more than one name, list the alternative names here.

    For security reasons, j5 needs a list of all the names you are going to use to access it. j5 will deny access if you're not using one of these names.

    Confirmation checkbox

    Confirm that you understand that j5 can only be accessed at the Canonical Server Name and the Server Aliases host names.

  • Due to Android and iOS requirements, the SSL certificate must have a maximum lifetime of 398 days.

The Certificate Authority/Browser Forum is going to reduce the maximum lifetime of an SSL certificate over the next few years:

  • The maximum lifetime of 398 days is valid until mid-March 2026.

  • From mid-March 2026, the maximum lifetime of an SSL certificate will be 200 days.

  • From mid-March 2027, the maximum lifetime of an SSL certificate will be 100 days.

  • From mid-March 2029, the maximum lifetime of an SSL certificate will be 47 days.

PFX file example

  1. Download or export the signed certificate and private key for the j5 server in the PFX format.

  2. Run Command Prompt as administrator.

  3. Run "C:\Program Files\j5\framework\bin\KeyManager.exe" import-https-certificate <pfxfile.pfx>.

    If prompted, enter the Import Password.

    The following output appears:

    HTTPS File Status:

    Certificate: Present (Required)

    Private Key: Present (Required)

    Certificate Hostname: example-server

  4. Run the j5 Setup Wizard from your Windows Start menu.

  5. Complete the j5 Setup Wizard. j5 Setup automatically verifies your certificate chain. When this is complete, you can connect to j5 using HTTPS.

For additional information, run: "C:\Program Files\j5\framework\bin\KeyManager.exe" -h

HTTPS configuration points in the j5 System Management Console

Under the Ports node:

  • j5 HTTPS Port: Defaults to 443. This is the port that devices should connect to after HTTPS is set up.

    If the default j5 HTTPS port (443) is changed, j5 Mobile on Windows 10 devices will not be able to connect to j5.

  • HTTPS Certificate: The location of the imported HTTPS Certificate file. This is set automatically by the KeyManager tool, and should not be manually adjusted.

  • HTTPS Private Key: The location of the imported HTTPS Private Key file. This is set automatically by the KeyManager tool, and should not be manually adjusted.

  • Force enable HTTP: Defaults to False. Select True to enable HTTP when HTTPS is configured.

    We do not recommend enabling HTTP when HTTPS is set up, but it may be required for compatibility with existing systems (for example, SOAP Web Service interfaces).

To connect j5 Mobile to the j5 server:

  • The HTTPS certificate on the server must be trusted by the mobile device.

  • The signature chain on the certificate must to be trusted by your browser.

    If the certificate has been signed using your local Active Directory infrastructure that isn't part of the public trust network, the full certificate chain must be installed on the mobile device.

  • On j5 Mobile, enter the j5 server connection details on the Server Settings screen.

    For more information, see Server settings

    1. On the j5 Mobile sign in screen, select Settings at the bottom of the screen.

    2. Select Change server settings.

    3. Adjust the server settings as required:

      • j5 Host - The IP address or machine name of the j5 server.

      • oAuth Enabled? - Select this checkbox when oAuth authentication is used.

    4. Select Save.

    When a server setting is changed, all the j5 Mobile data on the device is discarded. If there is unsynchronized data on the device, a confirmation dialog appears allowing you to confirm or cancel the change.