
It is possible to run Kodiak OMS web services under ssl.

Certificate

A supported and trusted SSL certificate must be available on the server.

Port registration example

This shows how to register a certificate for ports. In our example we will be using 3 ports: 8091, 9091 and 5001.

rem Bind the server certificate to each HTTPS/WSS listener port used in this example (8091, 9091, 5001).
rem certhash is the certificate thumbprint; the same value is used on this page as findValue in
rem serviceCertificate and as TradeReportServerWebsocketCertificateThumbPrint, so all three must be kept in sync.
rem ipport=0.0.0.0 registers the binding for every local IPv4 address.
rem NOTE(review): the appid GUID looks like a sample placeholder; confirm which GUID the deployment should use.
netsh http add sslcert ipport=0.0.0.0:8091 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}
netsh http add sslcert ipport=0.0.0.0:9091 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}
netsh http add sslcert ipport=0.0.0.0:5001 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}

Renewal/Removal

If the certificate needs to be renewed or changed, the old certificate registration must first be removed from each port it was registered on.

rem Removes the certificate binding from a single ip:port pair; repeat once per registered port.
rem NOTE(review): port 8085 is not one of the ports registered in the example on this page
rem (8091, 9091, 5001); substitute the port whose certificate is being replaced.
netsh http delete sslcert ipport=0.0.0.0:8085

Kodiak Server

appSettings.config

<!-- Main URL used for the web services. Uses the https scheme on port 8091, one of the ports
     that has a certificate registered with netsh.
     NOTE(review): the host name presumably has to match a name on the registered certificate,
     otherwise clients will fail certificate validation; confirm against the certificate. -->
<add key="BaseUrl" value="https://kodiak-staging.kodi.is:8091/" />

<!-- Location of the token dealer. https scheme on port 9091. -->
<add key="TokenDealerUrl" value="https://kodiak-staging.kodi.is:9091"/>

<!-- Location of the trade report server Web API; used by clients. https scheme on port 8091. -->
<add key="TradeReportServerAPIUrl" value="https://kodiak-staging.kodi.is:8091"/>

<!-- Location of the trade report server websocket; used by clients.
     Uses the wss (TLS websocket) scheme on port 5001. -->
<add key="TradeReportServerWebsocketUrl" value="wss://kodiak-staging.kodi.is:5001"/>

<!-- URL of InvoiceService.svc, on the same https host and port as BaseUrl. -->
<add key="InvoiceUrl" value="https://kodiak-staging.kodi.is:8091/InvoiceService.svc" />

serviceModel.configuration

Behaviors

  <behaviors>
    <serviceBehaviors>
      
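      <!-- Service behavior referenced by the KodiakService service element on this page. -->
      <behavior name="HttpsBehaviour">
        <!-- NOTE(review): 2147483647 is Int32.MaxValue, i.e. effectively no limit on the size of
             a deserialized object graph. Consider a bound sized to the largest legitimate
             message so an oversized request cannot exhaust server memory. -->
        <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        <!-- Authorization decisions are delegated to the custom Kodiak authorization policy. -->
        <serviceAuthorization principalPermissionMode="Custom">
          <authorizationPolicies>
            <add policyType="Kodi.Kodiak.Security.AuthorizationPolicy, Kodi.Kodiak.Security" />
          </authorizationPolicies>
        </serviceAuthorization>
        <serviceCredentials>
          <!-- Service certificate, looked up by thumbprint in the LocalMachine "My" store.
               The thumbprint is the same value as the certhash registered with netsh. -->
          <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="991ab4fb6080ce11d64ba60bea79f4f81a014bb0"/>
        </serviceCredentials>
        <!-- Keep exception details out of SOAP faults: with "true", stack traces and internal
             type names are returned to every caller. This now matches the setting used by
             ServiceBehaviorBasicHttps. Enable it only temporarily while debugging. -->
        <serviceDebug includeExceptionDetailInFaults="false" />
        <!-- Metadata publication over HTTP GET and HTTPS GET is disabled for this behavior. -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
      </behavior>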
      
      <!-- Service behavior referenced by the ExternalOrderEntryService service element on this page. -->
      <behavior name="ServiceBehaviorBasicHttps">
        <!-- Metadata is published over HTTPS GET only; plain HTTP GET is disabled.
             NOTE(review): confirm that publishing metadata is required for this service;
             if not, httpsGetEnabled can be turned off as it is in HttpsBehaviour. -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
        <!-- Exception details are not included in faults returned to callers. -->
        <serviceDebug includeExceptionDetailInFaults="false" />
        <!-- NOTE(review): the object-graph limit is one below Int32.MaxValue, i.e. effectively
             unbounded; consider a limit sized to the largest legitimate message. -->
        <dataContractSerializer maxItemsInObjectGraph="2147483646" />
      </behavior>      
      

Binding

<!-- Server-side wsHttpBinding for the SSL endpoints.
     Security is applied at the transport level (HTTPS) and callers authenticate with
     Windows credentials.
     NOTE(review): the buffer pool, message size and every reader quota are set to
     2147483646, which is effectively unlimited. Sizing these to the largest legitimate
     message limits how much memory one oversized or deeply nested request can consume. -->
<wsHttpBinding>
    <binding name="WSHttpsBinding"
             closeTimeout="00:01:00"
             openTimeout="00:01:00"
             receiveTimeout="00:10:00"
             sendTimeout="00:01:00"
             bypassProxyOnLocal="false"
             transactionFlow="false"
             hostNameComparisonMode="StrongWildcard"
             messageEncoding="Text"
             textEncoding="utf-8"
             useDefaultWebProxy="true"
             allowCookies="false"
             maxBufferPoolSize="2147483646"
             maxReceivedMessageSize="2147483646">
      <readerQuotas maxDepth="2147483646"
                    maxStringContentLength="2147483646"
                    maxArrayLength="2147483646"
                    maxBytesPerRead="2147483646"
                    maxNameTableCharCount="2147483646" />
      <!-- Reliable sessions are configured but switched off (enabled="false"). -->
      <reliableSession ordered="true"
                       inactivityTimeout="00:10:00"
                       enabled="false" />
      <!-- Transport mode: confidentiality and integrity come from the TLS channel. -->
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
</wsHttpBinding>

  <!-- webHttpBinding for the SSL endpoint of ExternalOrderEntryService, which references it
       through bindingConfiguration="WebHttpsBinding". -->
  <webHttpBinding>
    <binding name="WebHttpsBinding">
      <!-- Transport mode: the endpoint is served over HTTPS. -->
      <security mode="Transport">
        <!-- Callers authenticate with Windows credentials. -->
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </webHttpBinding>

Services

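    <!-- KodiakService hosted over HTTPS, using the HttpsBehaviour service behavior. -->
    <service behaviorConfiguration="HttpsBehaviour" name="KodiakService">
      <!-- bindingConfiguration has to name the transport-secured binding defined on this page
           ("WSHttpsBinding"). The previous value "WSHttpBinding" does not match any binding
           shown here, so the endpoint would not pick up the HTTPS transport security settings. -->
      <endpoint address="" binding="wsHttpBinding" bindingConfiguration="WSHttpsBinding" contract="Kodi.Kodiak.Services.ServiceContracts.IKodiakService" />
      <!-- Metadata exchange endpoint over HTTPS.
           NOTE(review): HttpsBehaviour disables metadata over GET, but this mex endpoint still
           publishes the service description; confirm it is wanted on production hosts. -->
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    </service>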
    
  <!-- ExternalOrderEntryService hosted over HTTPS, using the ServiceBehaviorBasicHttps
       service behavior and the transport-secured WebHttpsBinding. -->
  <service behaviorConfiguration="ServiceBehaviorBasicHttps" name="ExternalOrderEntryService">
    <!-- NOTE(review): behaviorConfiguration="rest" refers to an endpoint behavior that is not
         shown on this page; it must exist in the endpointBehaviors section of the config. -->
    <endpoint address="" binding="webHttpBinding" bindingConfiguration="WebHttpsBinding" contract="Kodi.Kodiak.Services.IExternalOrderEntryService" behaviorConfiguration="rest" />
  </service>
    

Trade Report Server

To enable ssl for the Trade Report server a certificate thumbprint must be specified under TradeReportServerWebsocketCertificateThumbPrint. (Beware of hidden characters when pasting from certificate details window.)

  <!-- Websocket listener port; 5001 is one of the ports with a certificate registered via netsh. -->
  <add key="TradeReportServerWebsocketPort" value="5001"/>
  <!-- 0.0.0.0 makes the websocket listen on every local IPv4 address.
       NOTE(review): restrict to a specific address if the server has interfaces that should
       not expose the trade report websocket. -->
  <add key="TradeReportServerWebsocketAddress" value="0.0.0.0"/>  
  <!-- Thumbprint of the certificate used for wss. It is the same value as the netsh certhash
       and the serviceCertificate findValue on this page; update all of them together on renewal. -->
  <add key="TradeReportServerWebsocketCertificateThumbPrint" value="991ab4fb6080ce11d64ba60bea79f4f81a014bb0"/>   
  
  ...
  
  <!-- REST API URL; https scheme on port 8091, the same host and port as the Kodiak server BaseUrl. -->
  <add key="RestApiUrl" value="https://kodiak-staging.kodi.is:8091"/>
  

Client

...
    <!-- Client-side URL prefix for the Kodiak server; https scheme, matching the server BaseUrl. -->
    <add key="UrlPrefix" value="https://kodiak-staging.kodi.is:8091/" />
...
      <!-- Client-side wsHttpBinding configurations.
           NOTE(review): both bindings set the buffer pool, message size and all reader
           quotas to 2147483646 (effectively unlimited); consider limits sized to the
           largest legitimate response. -->
      <wsHttpBinding>
        <!-- Message-level security with Windows credentials.
             NOTE(review): presumably the binding for non-SSL endpoints; for https URLs the
             Transport-mode binding KodiakAD is the one that mirrors the server's
             WSHttpsBinding. Confirm which binding the client endpoint references. -->
        <binding name="KodiakADHttp"
                 closeTimeout="00:01:00"
                 openTimeout="00:01:00"
                 receiveTimeout="00:10:00"
                 sendTimeout="00:10:00"
                 bypassProxyOnLocal="false"
                 transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="2147483646"
                 maxReceivedMessageSize="2147483646"
                 messageEncoding="Text"
                 textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="2147483646"
                        maxStringContentLength="2147483646"
                        maxArrayLength="2147483646"
                        maxBytesPerRead="2147483646"
                        maxNameTableCharCount="2147483646" />
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows"
                       proxyCredentialType="None"
                       realm="" />
            <message clientCredentialType="Windows"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"
                     establishSecurityContext="true" />
          </security>
        </binding>

        <!-- Transport-level security (HTTPS) with Windows credentials; same security mode
             and credential type as the server-side WSHttpsBinding. -->
        <binding name="KodiakAD"
                 closeTimeout="00:01:00"
                 openTimeout="00:01:00"
                 receiveTimeout="00:10:00"
                 sendTimeout="00:10:00"
                 bypassProxyOnLocal="false"
                 transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="2147483646"
                 maxReceivedMessageSize="2147483646"
                 messageEncoding="Text"
                 textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="2147483646"
                        maxStringContentLength="2147483646"
                        maxArrayLength="2147483646"
                        maxBytesPerRead="2147483646"
                        maxNameTableCharCount="2147483646" />
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false" />
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>