Description
This document explains the steps required to complete the SSL configuration after installing TEOS 3.3, in case the operation could not be automated.
Requirements
- Manage for TEOS 3.3.x (or higher) On Premise installed
- Have access to the certificate used for TEOS 3.3, including the private key.
1. Preparing required certificate files
TEOS 3.3 has an additional installation for RabbitMQ. When updating to version 3.3, this installation is automated. In case the TEOS installation is configured with HTTPS, this also requires some specific configuration to be done for RabbitMQ. This process is automated as much as possible, but in case the certificate used is not exportable on the server, not everything can be automated.
For the configuration to be complete, we need three certificate files in PEM format:
1) The CA certificate
2) Private key of the certificate
3) Public key of the certificate
Depending on the issuer of the certificate, these can either be downloaded directly or will have to be converted. The conversion can be done with different tools. Below is an example that generates these files from a .pfx file with OpenSSL.
Example: generate the private key file called private-teos.pem from the pfx
Openssl.exe pkcs12 -in <example.pfx> -nocerts -nodes -password pass:"<password>" | Openssl.exe pkcs8 -nocrypt -out "private-teos.pem"
Example: generate the public key file called public-teos.pem from the pfx
Openssl.exe pkcs12 -in <example.pfx> -clcerts -nokeys -password pass:"<password>" | Openssl.exe x509 -out "public-teos.pem"
Example: generate the CA certificate file called ca.pem from the pfx
Openssl.exe pkcs12 -in <example.pfx> -cacerts -nokeys -password pass:"<password>" | Openssl.exe x509 -out "ca.pem"
2. Installing the certificate and configuration
2.1 Placing the certificates
Once the three certificate files are available, we need to place these on the server hosting TEOS. This can be done, for example, in:
C:\Program Files\TEOS Manage\RabbitMQ\RabbitMQ\certs
2.2 File configuration Replacement
Next we need to change a few configuration settings. We assume TEOS is installed in “C:\Program Files\TEOS Manage”. If a different directory is used, use that directory instead.
2.2.1 Appsettings
In the file “C:\Program Files\TEOS Manage\www\tdm5\appsettings.json” change the following:
- Change every occurrence of “http://” to “https://”
- Change the port number “15675” to “15676”
- Change the port number “15672” to “15671”
- Change “"Secure": false” to “"Secure": true”
2.2.2 web.config
In the file “C:\Program Files\TEOS Manage\www\backbone\web.config” change the following:
- Search for “baseUrl” and change the “http” to “https”
- Search for “playerBaseUrl” and change the “http” to “https”
2.3 RabbitMQ Configuration
When the certificates are in place, and the configuration files have been updated, the final step is to add some additional configuration to RabbitMQ.
RabbitMQ uses the directory of the admin account used to install the update. This is for example: C:\Users\Administrator\AppData\Roaming\RabbitMQ.
Create a new file called: “rabbitmq.conf”.
Put the following content in this file. If needed, replace the paths to the .pem files with the path where you placed your PEM certificates.
listeners.ssl.default = 5671
ssl_options.cacertfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\ca.pem
ssl_options.certfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\public-teos.pem
ssl_options.keyfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\private-teos.pem
management.ssl.port = 15671
management.tcp.port = 15672
management.ssl.cacertfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\ca.pem
management.ssl.certfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\public-teos.pem
management.ssl.keyfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\private-teos.pem
web_mqtt.tcp.port = 15675
web_mqtt.ssl.port = 15676
web_mqtt.ssl.backlog = 1024
web_mqtt.ssl.cacertfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\ca.pem
web_mqtt.ssl.certfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\public-teos.pem
web_mqtt.ssl.keyfile = C:\\Program Files\\TEOS Manage\\RabbitMQ\\RabbitMQ\\certs\\private-teos.pem
After this file is created and saved, the final step is to restart the RabbitMQ service. To do this, open the Services console (run services.msc), find the service called RabbitMQ and select Restart.
The configuration for SSL is now complete.
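To confirm the result of the steps above, the following PowerShell checks can be run on the TEOS server. This is an added example, not part of the original article or of TEOS itself. It assumes openssl.exe is on the PATH and that the PEM files were placed in the example directory from section 2.1.

```powershell
# Added example. Assumptions: openssl.exe is on PATH; files are in the section 2.1 directory.
$certDir = 'C:\Program Files\TEOS Manage\RabbitMQ\RabbitMQ\certs'
$key  = Join-Path $certDir 'private-teos.pem'
$cert = Join-Path $certDir 'public-teos.pem'
$ca   = Join-Path $certDir 'ca.pem'

# 1. All three files must exist and contain PEM data.
foreach ($f in $key, $cert, $ca) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing file: $f" }
    if (-not (Select-String -LiteralPath $f -Pattern '-----BEGIN ' -SimpleMatch -Quiet)) {
        throw "No PEM block found in: $f"
    }
}

# 2. The private key must belong to the certificate: both must yield the same public key.
$pubFromCert = (& openssl.exe x509 -in $cert -noout -pubkey) -join "`n"
$pubFromKey  = (& openssl.exe pkey -in $key -pubout) -join "`n"
if (-not $pubFromCert -or $pubFromCert -ne $pubFromKey) {
    throw 'private-teos.pem does not match public-teos.pem'
}

# 3. The certificate must verify against ca.pem and must not be expired.
#    -partial_chain accepts ca.pem as trust anchor even if it holds an intermediate CA.
& openssl.exe verify -partial_chain -CAfile $ca $cert
if ($LASTEXITCODE -ne 0) { throw 'public-teos.pem does not verify against ca.pem' }
& openssl.exe x509 -in $cert -noout -checkend 0
if ($LASTEXITCODE -ne 0) { throw 'public-teos.pem has expired' }

# 4. The key was exported unencrypted (-nodes): warn if broad groups can access it.
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
$sidType = [System.Security.Principal.SecurityIdentifier]
$exposed = (Get-Acl -LiteralPath $key).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value }
if ($exposed) {
    Write-Warning "private-teos.pem is accessible to: $(($exposed.IdentityReference.Value | Select-Object -Unique) -join ', ')"
}

# 5. After the service restart, the TLS ports from rabbitmq.conf should accept TCP connections.
foreach ($port in 5671, 15671, 15676) {
    $r = Test-NetConnection -ComputerName localhost -Port $port -WarningAction SilentlyContinue
    '{0,-6} {1}' -f $port, $(if ($r.TcpTestSucceeded) { 'listening' } else { 'NOT listening' })
}
```

Step 5 only confirms that the ports are open. A browser visit to the management interface on port 15671 shows which certificate is actually served.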