/
SSL Support

SSL Support

It is possible to run Kodiak OMS web services under ssl.

Certificate

A supported and trusted ssl certificate must be availble on the server.

Port registration example

This show how to register a certificate for ports. In our example we will be using 3 ports. 8091, 9091 and 5001.

netsh http add sslcert ipport=0.0.0.0:8091 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013} netsh http add sslcert ipport=0.0.0.0:9091 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013} netsh http add sslcert ipport=0.0.0.0:5001 certhash=991ab4fb6080ce11d64ba60bea79f4f81a014bb0 appid={12345678-1234-1234-1234-123456789013}

 

Renewal/Removal

In case the certificate needs to be renewed or changed the old certificate needs to be removed

netsh http delete sslcert ipport=0.0.0.0:8085

 

Kodiak Server

appSettings.config

<!--Main url used for web services--> <add key="BaseUrl" value="https://kodiak-staging.kodi.is:8091/" /> <!--The location of the token dealer--> <add key="TokenDealerUrl" value="https://kodiak-staging.kodi.is:9091"/> <!-- The location of the trade report server Web API. Used by clients--> <add key="TradeReportServerAPIUrl" value="https://kodiak-staging.kodi.is:8091"/> <!-- The location of the trade report server websocket url. Used by clients--> <add key="TradeReportServerWebsocketUrl" value="wss://kodiak-staging.kodi.is:5001"/> <add key="InvoiceUrl" value="https://kodiak-staging.kodi.is:8091/InvoiceService.svc" />

 

serviceModel.configuration

Behaviors

 

Finding Certificates in the behavior.

It is possible to set the x509FindType to use different methods to find the certificate. Below are examples for subject name or thumbprint. Thumbprint values need to be changed when the certificate is renewed and the value changes. FindBySubjectName should be more resilient to such changes.

 

FindByThumbprint

<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="991ab4fb6080ce11d64ba60bea79f4f81a014bb0"/>

FindBySubjectName

<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="kodiak-staging.kodi.internal"/>

 

Binding

Services

 

Trade Report Server

To enable ssl for the Trade Report server a certificate thumbprint must be specified under TradeReportServerWebsocketCertificateThumbPrint. (Beware of hidden characters when pasting from certificate details window.)

 

Client

Related content

Kodiak Token Service and Authenticator
Kodiak Token Service and Authenticator
More like this
Custom Services with different url (https)
Custom Services with different url (https)
Read with this
Authentication and Authorization
Authentication and Authorization
More like this
The caller was not authenticated by the service.
The caller was not authenticated by the service.
More like this
Connecting from DMZ
Connecting from DMZ
More like this
Getting started
Getting started
More like this