Select the HTTPS protocol using Global Binding Configuration

Select the HTTPS protocol

1. Specify the globalcommssetting path in admindwcf.exe.config and globalwcfclient.config files in Administration, Global, E3D Design etc.

   

2. Open Administration and in Settings menu click Global Binding Configuration. For the local hub to product communication any protocol can be used.

3. In the Binding Settings window, https protocol for communication between two locations (demon to demon) over the WAN/inernet is required. Select either BasicHttp_Transport_Certifcate or WsHttp_Transport_Certificate to enable HTTPS.

   

4. Enter the client certificate subject (common name) or thumbprint value in the Certificate field of the Client section of the Binding Settings window.

5. Enter the service certificate subject value in the Certificate field of the Service section of the Binding Settings window.

   Installing the public key copy of neighbor location’s service certificate is optional. It is an additional security measure. Generally, the service certificate’s common/subject name is same as the host name in the address used for global. If it is different, an identity mismatch error occurs. To resolve this, use remote service validation. For more information, see Remote service validation.

   Note: A single private key certificate per location can’t be used when using HTTPS. Use two certificates per location one for client and another for service.

   At hub:

   

   At satellite:

   

6. Select Apply and perform a save.

7. Start the global demon to see the endpoints demon. Verify it contains one HTTPS endpoint.

   

Certificate Binding

Once the service certificate is installed it needs to be bound with ip address and port number. This is done by executing the netsh command. See the following procedures for detailed information.

Delete an existing certificate binding

8. Open Command Prompt in Administrator mode.

9. Enter the command statement:

   netsh http delete sslcert ipport=<IP address>:<port number>

   for example:

   netsh http delete sslcert ipport=0.0.0.0:8009

   Here, 0.0.0.0 is the IP address and translates to machine name, and 8009 is the port number to be cleared for use as an HTTPS communication.

Add a certificate binding

10. Open Command Prompt in Administrator mode.

11. Enter the command statement:

    netsh http add sslcert ipport=0.0.0.0:<port number> certhash=<certificate thumbprint> appid={0e1409bd-eee7-4bcd-a52e-8c6c78569e2f}

    

Bind the installed certificate with the port

After installing the service certificate, bind it to the IP address and port number for each location. To do this:

12. First check if a certificate is already bound to the IP address and port number to be used.

13. Open Command Prompt in Administrator mode.

14. Enter the command statement:

    netsh http show sslcert

    Command Prompt shows a list of any existing certificate bindings.

Locate the certificate thumbprint

15. Open MMC and navigate to the certificate installed in the Personal folder.

16. Select the certificate.

    The Certificate window opens.

17. Select the Details tab.

18. Scroll to the bottom of the list to locate the certificate's thumbprint value.

    

    The appid parameter is a GUID that can be used to identify the owning application.

    Note: As a guide, you can use any valid command that works for your configuration. For example: netsh http add sslcert ipport=0.0.0.0:8009 certhash=8b89057c9a63374b3ef2fa263200fb83c64ca105 appid={0e1409bd-eee7-4bcd-a52e-8c6c78569e2f}

    

Note: For more information about configuring a certificate with ports from Microsoft, refer to How to: Configure a Port with an SSL Certificate in the Microsoft Learn documentation.