You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
Welcome to the CAREWare FAQ Page
announcement close button
Home > CAREWare > Using HTTPS for communication between the HTTP server and Business Tier
Using HTTPS for communication between the HTTP server and Business Tier
print icon
Kevin Ricciardo
Mar 13, 2024
views icon 287

Overview

These instructions describe the procedure for setting up secure HTTPS message exchanges between the CAREWare 6 HTTP server and Business Tier.

Set up TLS certificate

Obtain an X.509 TLS certificate from a trusted Certificate Authority and use the Windows utility certlm to install it to the Trusted Root Certification Authorities certificate store on the machine that hosts the Business Tier. If certlm is not found in the Start Menu, you should be able to find it at

"C:\WINDOWS\SYSTEM32\CERTLM.MSC". Next, use the netsh command to bind this X.509 TLS certificate to the IP address and port number on which the Business Tier will accept incoming messages from the HTTP server. The syntax for this command is:

netsh http add SSLcert ipport=0.0.0.0:8000 certstorename=Root appid={FFFFFFFF-FFFF-FFFFFFFF-FFFFFFFFFFFF} certhash=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Values that you will need to specify are as follows:

ipport

The ip address and port number on which the Business tier will listen. You can specify a specific IP address here or leave it as 0.0.0.0 to listen on all IP addresses that refer to this machine.

certstorename

This will be “Root” if the certificate was added to the Trusted Root Certification Authorities store. appid

Generate a random GUID to identify the CAREWare HTTP server and use it for this parameter. certhash

This is also known as the “thumbprint” of the certificate. Using certlm, navigate to Trusted Root Certification Authorities/Certificates and double-click on the X.509 TLS certificate you added earlier. Click on the Details tab of the dialog box that opens and scroll down to the Thumbprint field to find this value.

Set up CAREWare to use HTTPS

Locate the CAREWare HTTP server’s configuration file: res_admin_settings.txt, located at:

C:\Program Files\CAREWare HTTP Server\cwhttp\res_admin by default. The first section of the URLs in the fields “state_url” and “get_doc_url” will be “http” if CAREWare is currently configured to use unencrypted communication between the Business Tier and HTTP server. Change the “state_url” and “get_doc_url” values so that they begin with “https” instead of “http”.

Use the CW Admin utility to change the Server Settings value with the tag “CWBusinessTierProtocol” from “http” to “https”.

Once these settings have been saved, restart both the Business Tier and the HTTP server. Log into CAREWare to test that https communication is working. Note that these steps DO NOT configure CAREWare to use HTTPS for communication between the browser and the HTTP server.

Feedback
0 out of 0 found this helpful

Attachments

Using_HTTPS_for_communication_between_the_HTTP_server_and_Business_Tier.pdf
close button
scroll to top icon