Secure Infoclient connection

<< Click to display Table of Contents >>

Navigation:  Client Applications > The Cordaware Infoclient > Configuration >

Secure Infoclient connection

 

!!!Attention!!!

 

This chapter contains information for the Cordaware bestinformed Infoclient up until version 6.2.2.5!

The examples shown in this chapter can't be used for the Infoclient Version 6.2.2.6 and up. Information regarding the secured Infoclient connection for Clientversion 6.2.2.6 and higher can be found here.

 

In order to set up a secured connection via SSL with your own certificates please proceed as follows:

 

1. Location of the certificates

Save your certificates in the installation directory in the folder "best_srv\etc\certs".

 

2. Adjusting the app.config

Open the "app.config" data in the folder "Cordware\best_srv\data\configs\". Now adjust the values for keyfile as well as certfile according to the names of your certificates.

 

SSL_keyfilecertfile

 

In the example we are using the names "Certificate.pem" and "Certkey.pem"

 

OLDSSL_CertfileKeyfile

 

 

 

Please note:

 

If your SSL certificate is password protected you can save those passwords encrypted in the best "local.ini" in the folder "C:\Program Files\Cordaware\best_srv\etc\". The encrypted passwords will be saved in a new section ([best_password]).

 

Example:

 

[best_password]

very_secret=secret

 

SSL_bestpassword

 

The password will be encrypted on the next start of your Cordaware bestinformed best_srv Service.

 

[best_password]

very_secret=cw_lNv4aYNoAmsABnNlY3JldGgDYQFhAWEB

 

SSL_bestpasswordverschluesselt

 

Afterwards in the "app.config" in the buri:ssl, the sslopts will be expanded by "{password, {cw,"very_secret"}}". "very_secret" refers to the key from the section [best_password]

 

 

3. Expand the settings from the infoclient connections via SSL

 

In the third step we are going to replace the options in the data "app.config" like in the screenshot shown below. The options can be copied from the following help field.

 

 

{ciphers, [

"ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",

"ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384", "ECDHE-ECDSA-DES-CBC3-SHA",

"ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384","ECDH-ECDSA-AES256-SHA384",

"ECDH-RSA-AES256-SHA384","DHE-DSS-AES256-GCM-SHA384","DHE-DSS-AES256-SHA256",

"AES256-GCM-SHA384","AES256-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256",

"ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES128-SHA256","ECDHE-RSA-AES128-SHA256",

"ECDH-ECDSA-AES128-GCM-SHA256","ECDH-RSA-AES128-GCM-SHA256","ECDH-ECDSA-AES128-SHA256",

"ECDH-RSA-AES128-SHA256","DHE-DSS-AES128-GCM-SHA256","DHE-DSS-AES128-SHA256",

"AES128-GCM-SHA256","AES128-SHA256","ECDHE-ECDSA-AES256-SHA",

"ECDHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA","ECDH-ECDSA-AES256-SHA",

"ECDH-RSA-AES256-SHA","AES256-SHA","ECDHE-ECDSA-AES128-SHA",

"ECDHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA","ECDH-ECDSA-AES128-SHA",

"ECDH-RSA-AES128-SHA","AES128-SHA"

]

},

{verify, verify_none}

 

SSL_appconfigersetzen

 

4. Restart the best_srv services

 

After finishing the steps 1-3 you can restart the Cordaware_bestinformed_best_srv service and connect your Infoclient via SSL with the port 8431 to your Infoserver afterwards.

 

Old_SSL01_EN