Overview
These instructions describe the procedure for setting up secure HTTPS message exchanges between the CAREWare 6 HTTP server and Business Tier.
Set up TLS certificate
Obtain an X.509 TLS certificate from a trusted Certificate Authority and use the Windows utility certlm to install it to the Trusted Root Certification Authorities certificate store on the machine that hosts the Business Tier. If certlm is not found in the Start Menu, you should be able to find it at "C:\WINDOWS\SYSTEM32\CERTLM.MSC".
Next, use the netsh command to bind this X.509 TLS certificate to the IP address and port number on which the Business Tier will accept incoming messages from the HTTP server. The syntax for this command is:
netsh http add sslcert ipport=0.0.0.0:8000 certstorename=Root appid={FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} certhash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Values that you will need to specify are as follows:
ipport
The IP address and port number on which the Business Tier will listen. You can specify a specific IP address here or leave it as 0.0.0.0 to listen on all IP addresses that refer to this machine.
certstorename
This will be “Root” if the certificate was added to the Trusted Root Certification Authorities store.
appid
Generate a random GUID to identify the CAREWare HTTP server and use it for this parameter.
certhash
This is also known as the “thumbprint” of the certificate. Using certlm, navigate to Trusted Root Certification Authorities/Certificates and double-click on the X.509 TLS certificate you added earlier. Click on the Details tab of the dialog box that opens and scroll down to the Thumbprint field to find this value.
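The binding step above as a PowerShell script. This is an added example, not part of the original CAREWare instructions. It reads the thumbprint from the certificate store rather than copying it from the dialog (where pasted values can pick up spaces or invisible characters), generates the appid GUID, and confirms the binding afterwards. The subject name CN=careware.example.org is a hypothetical placeholder; the ipport and store name are the values used in the command above.

```powershell
# Added example. $Subject is a hypothetical placeholder; replace it with the
# subject of the certificate you installed. Run from an elevated prompt.
$Subject = 'CN=careware.example.org'
$IpPort  = '0.0.0.0:8000'    # ipport value from the netsh syntax above
$Store   = 'Root'            # certstorename value from the netsh syntax above

# Find the certificate in the local machine store named by certstorename.
$cert = Get-ChildItem "Cert:\LocalMachine\$Store" |
    Where-Object { $_.Subject -eq $Subject } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with subject '$Subject' found in LocalMachine\$Store"
}

# A server binding needs the private key on this machine and a certificate
# that is still within its validity period.
if (-not $cert.HasPrivateKey) {
    throw 'The certificate has no associated private key on this machine'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "The certificate expired on $($cert.NotAfter)"
}

# certhash: the SHA-1 thumbprint, 40 hex characters with no separators.
$certHash = $cert.Thumbprint -replace '[^0-9A-Fa-f]', ''
if ($certHash.Length -ne 40) {
    throw "Unexpected thumbprint length: $($certHash.Length)"
}

# appid: a random GUID in braces, i.e. {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.
$appId = [guid]::NewGuid().ToString('B')

# Arguments are quoted so PowerShell passes the braces through to netsh unchanged.
netsh http add sslcert "ipport=$IpPort" "certstorename=$Store" "appid=$appId" "certhash=$certHash"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# Show the binding so the hash, application ID and store name can be checked.
netsh http show sslcert "ipport=$IpPort"
```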
Set up CAREWare to use HTTPS
Locate the CAREWare HTTP server’s configuration file, res_admin_settings.txt, which is located at C:\Program Files\CAREWare HTTP Server\cwhttp\res_admin by default.
The first section of the URLs in the fields “state_url” and “get_doc_url” will be “http” if CAREWare is currently configured to use unencrypted communication between the Business Tier and HTTP server. Change the “state_url” and “get_doc_url” values so that they begin with “https” instead of “http”.
Use the CW Admin utility to change the Server Settings value with the tag “CWBusinessTierProtocol” from “http” to “https”.
Once these settings have been saved, restart both the Business Tier and the HTTP server. Log into CAREWare to test that HTTPS communication is working.
Note that these steps DO NOT configure CAREWare to use HTTPS for communication between the browser and the HTTP server.