How to Configure HTTPS for Produmex Service Broker with a self-signed certificate

How to Configure HTTPS for Produmex Service Broker with a self-signed certificate

1. Produmex Service Broker Settings

Open the Produmex Service Broker configuration window from the Produmex Service Broker.

Enable HTTPS by setting the ‘HTTPS enable?’ setting to True, then set the port you would like to use as the ‘SSL Port to listen on’.

2. Create client certificate

Create the self-signed certificate on your server.

In this documentation we used MakeCert.exe which is a part of the Microsoft Windows SDK. You can download the Windows SDK from here:

Windows 10: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk
Versions previous to Windows 10: https://developer.microsoft.com/en-us/windows/downloads/sdk-archive

Open Command Prompt as an administrator and run the following command:
<path>makecert.exe -r -pe -n “CN=<name>” -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 <filename>.cer

Replace <path> with the actual access path of the MakeCert.exe. Adapt the <name> and the <filename> as well.

In this example we used the following command:
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\makecert.exe -r -pe -n "CN=ServiceBroker" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ServiceBroker.cer

In this documentation we used MakeCert.exe which is a part of the Microsoft Windows SDK for Windows 7 and .NET Framework 4. Please keep in mind that other versions of MakeCert or other certification generators might use different parameters.

3. Import the certificate on a Windows server

Run the Microsoft Management Console (mmc.exe). From the File menu select Add/Remove Snap-In.

Choose the Certificates snap-in and add it to the ‘Selected snap-ins’. On the opening Certificates snap-in select ‘Computer account’. On the next screen choose Local computer (or select the computer account) then click on the Finish button.

On the Console navigate to Certification via Certificates (Local computer) > Trusted Root Certification Authorities > Certification. Right-click on Certification and select Import… from All Tasks.

Follow the steps of the Certificate Import Wizard. Browse the ServiceBroker.cer, place the certificate to the Trusted Root Certification Authorities certificate store and finish the import.

Then import the certificate to the Personal folder as well, following the above described steps.

4. Bind the certificate to the port number

Bind the ServiceBroker.cer to the port number.

In this example we use the following netsh command in order to configure the certification to the port number.

Run the following command with Command Prompt:

netsh http add sslcert ipport=0.0.0.0:port certhash=thumbprint appid={app-guid}

Where:

ipport: is the IP address and the listening port. You can use a special IP address 0.0.0.0 that matches any IP address for the local machine. The listening port must be the same as the ‘SSL Port to listed on’ that is set on the Produmex Service Broker service configuration screen.
certhash: The thumbprint of the certificate is the certificate’s SHA-1 hash, represented in hexadecimal. In order to determine the certhash, open the certificate and go to the Details tab. Copy the thumbprint value to a text editor and remove all spaces between the hexadecimal characters. Make sure that there are no hidden characters in the string. (Eg. select the line and set the encoding to ANSI.)
appid: is the GUID (e.g. {00000000-0000-0000-0000-000000000000}) that identifies the owning application. The GUID of the Produmex Service Broker is {d4deb269-37e6-49db-a9cd-cd74f52d36c3}

Example command:
netsh http add sslcert ipport=0.0.0.0:50232 certhash=‎a828d05b70e88c9c904fe5149ad170ff89433102 appid={d4deb269-37e6-49db-a9cd-cd74f52d36c3}

5. Import the certificate

Besides the server, the certificate has to be imported on every computer that connects to Produmex Service Broker over HTTPS.

5.1. Import the certificate on a mobile device

In this example we installed the certificate on a Honeywell Dolphin 60 device with Windows Embedded Handheld 6.5 Classic operating system. The installation steps may differ based on the operating system and the device.

Copy the certificate file to the device, eg. to the My Documents folder.

Open the File Explorer from Start>Programs>File Explorer and open the folder where you copied the certificate. Tap on the certificate file you would like to import.

A ‘Certificate Installation’ message opens up. Press the ‘More’ button. To see the details of the certificate file, tap on the ‘requester’ link. To install the certificate, press the ‘Install’ button.

If the installation is successful, a confirmation message is displayed. The certificate is imported to the Root folder of Certificates.

If the certification installation doesn't start then try the following steps:

Copy your CER Files to the device
Click Start
Settings
Control Panel
Certificates
Import
Find the certificate and follow the prompts to install the certificate
Tap “OK” to close the certificate window

Table of Contents