SSL Support

It is possible to run Kodiak OMS web services over SSL.

Certificate

A supported and trusted SSL certificate must be available on the server.

Port registration example

This shows how to register a certificate for ports. Our example uses 3 ports: 8091, 9091 and 5001.

netsh http add sslcert ipport=0.0.0.0:8091 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}
netsh http add sslcert ipport=0.0.0.0:9091 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}
netsh http add sslcert ipport=0.0.0.0:5001 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}

 

Renewal/Removal

In case the certificate needs to be renewed or changed, the old certificate needs to be removed.

netsh http delete sslcert ipport=0.0.0.0:8085

 

Kodiak Server

appSettings.config

<!--Main url used for web services-->
<add key="BaseUrl" value="https://kodiak-staging.kodi.is:8091/" />
<!--The location of the token dealer-->
<add key="TokenDealerUrl" value="https://kodiak-staging.kodi.is:9091"/>
<!-- The location of the trade report server Web API. Used by clients-->
<add key="TradeReportServerAPIUrl" value="https://kodiak-staging.kodi.is:8091"/>
<!-- The location of the trade report server websocket url. Used by clients-->
<add key="TradeReportServerWebsocketUrl" value="wss://kodiak-staging.kodi.is:5001"/>
<add key="InvoiceUrl" value="https://kodiak-staging.kodi.is:8091/InvoiceService.svc" />

 

serviceModel.configuration

Behaviors

 

Finding Certificates in the behavior.

It is possible to set the x509FindType to use different methods to find the certificate. Below are examples for subject name or thumbprint. Thumbprint values need to be changed when the certificate is renewed and the value changes. FindBySubjectName should be more resilient to such changes.

 

FindByThumbprint

<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="991ab4fb6080ce11d64ba60bea79f4f81a014bb0"/>

FindBySubjectName

<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="kodiak-staging.kodi.internal"/>

 

Binding

Services

 

Trade Report Server

To enable SSL for the Trade Report server, a certificate thumbprint must be specified under TradeReportServerWebsocketCertificateThumbPrint. (Beware of hidden characters when pasting from the certificate details window.)
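
The hidden-character warning above and the port registration earlier on this page, as an added PowerShell example (not part of the Kodiak documentation): it cleans a pasted thumbprint, rejects anything that is not 40 hex digits, and reports whether that certificate is in LocalMachine\My and bound to each of the three example ports. The function names are hypothetical, and the pasted string is constructed from the page's example thumbprint.

```powershell
# Added example, not Kodiak's own tooling. Run in an elevated PowerShell on the server.
# Ports are the ones used in the registration example on this page.
$Ports = 8091, 9091, 5001

function ConvertTo-CleanThumbprint {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Pasted)
    # Remove whitespace and invisible Unicode format characters (category Cf,
    # e.g. U+200E) that come along when copying from the certificate dialog.
    $clean = ($Pasted -replace '[\s\p{Cf}]', '').ToUpperInvariant()
    # Anything that is still not exactly 40 hex digits is rejected, not repaired.
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "Not a SHA-1 thumbprint after clean-up: '$clean'"
    }
    $clean
}

function Get-BindingStatus {           # hypothetical helper name
    param([Parameter(Mandatory)][string]$Thumbprint, [int[]]$Port = $Ports)
    # Same store the serviceCertificate examples point at: LocalMachine\My.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    foreach ($p in $Port) {
        # netsh prints the hash bound to the port; -match is case-insensitive.
        $shown = netsh http show sslcert "ipport=0.0.0.0:$p"
        [pscustomobject]@{
            Port          = $p
            InStore       = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
            NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
            BoundToPort   = [bool]($shown -match $Thumbprint)
        }
    }
}

# Constructed sample input: the page's thumbprint as it might be pasted,
# with a leading U+200E and spaces between the byte pairs.
$pasted = "$([char]0x200E)99 1a b4 fb 60 80 ce 11 d6 4b a6 0b ea 79 f4 f8 1a 01 4b b0"
$thumb  = ConvertTo-CleanThumbprint -Pasted $pasted
"Pasted length $($pasted.Length), clean length $($thumb.Length): $thumb"
Get-BindingStatus -Thumbprint $thumb | Format-Table -AutoSize
```

A row with InStore or BoundToPort set to False after a renewal means the configured thumbprint and the netsh binding for that port no longer refer to the same certificate.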

 

Client