Article
· Nov 25 3m read

Programmatic configuration of SSL Connections with the Superserver

Greetings dear community members!

I have recently been deploying an IRIS for Health image on Docker with a preconfigured Webgateway image, and I have come across the problem of the SSL configurations that allow us to connect to the IRIS instance using HTTPS through our Webgateway.

Until now I had always deployed IRIS for Health with a Community license, which still has the Private Web Server installed, so I only needed to configure the Webgateway connection with the deployed IRIS instance:

Access the management portal using the URL provided by the PWS and enable access to the Superserver from its configuration screen:

By selecting port 1972 we could see the security information and we only needed to enable SSL connections with the previously created %SuperServer SSL/TLS configuration:

With non-Community versions, however, this last step of the configuration is not feasible because we have no web access to our IRIS instance. We therefore have to do it programmatically, so that deploying our Docker image not only creates the SSL/TLS configuration but also enables SSL connections on the superserver that the Webgateway will use for the connection.

To do this we must use the Security.Servers class, which allows us to perform the same configuration. Below you can see a method that creates the %SuperServer SSL/TLS configuration and then enables SSL connections on port 1972:

Method EnableSSLSuperServer(password="")
{
    // Security.* classes live in %SYS; New restores the namespace on exit
    New $NAMESPACE
    zn "%SYS"
    // Certificate locations come from properties of the containing class
    set certdir=..SSLDirectory
    set CAfile = ..SSLCertAuth
    set certfile = ..SSLCertificate
    set keyfile = ..SSLKey
    // Create the server-side SSL/TLS configuration named %SuperServer
    set sslconfig = ##class(Security.SSLConfigs).%New()
    do sslconfig.CAFileSet(certdir_CAfile)
    do sslconfig.CertificateFileSet(certdir_certfile)
    do sslconfig.PrivateKeyFileSet(certdir_keyfile)
    if password'="" do sslconfig.PrivateKeyPasswordSet(password)
    do sslconfig.DescriptionSet("SuperServer configuration")
    do sslconfig.EnabledSet(1)
    do sslconfig.TypeSet(1)
    do sslconfig.NameSet("%SuperServer")
    set sc=sslconfig.%Save()
    If (sc'=1) {
        Write !, "WARNING: Creating and saving the %SuperServer SSL configuration failed!"
        Write !, $system.Status.GetErrorText(sc)
    }

    // Read the current settings of port 1972, then check the result of that call
    set sc = ##class(Security.Servers).Get("1972",,.propsSuperServer)
    If (sc'=1) {
        Write !, "WARNING: Getting the system security settings failed!"
        Write !, $system.Status.GetErrorText(sc)
    }
    // Enable the port, enable SSL on it and bind it to the %SuperServer configuration
    set propsSuperServer("Enabled") = 1
    set propsSuperServer("SSLSupportLevel") = 1
    set propsSuperServer("SSLConfig") = "%SuperServer"
    set sc = ##class(Security.Servers).Modify("1972",,.propsSuperServer)

    If (sc'=1) {
        Write !, "WARNING: Modifying the system's SSLSuperServer property failed!"
        Write !, $system.Status.GetErrorText(sc)
    }
    Write !, "Done enabling SSL for the SuperServer"
}

In more detail, this will be the code snippet that enables SSL for 1972:

    set sc = ##class(Security.Servers).Get("1972",,.propsSuperServer)
    set propsSuperServer("Enabled") = 1
    set propsSuperServer("SSLSupportLevel") = 1
    set propsSuperServer("SSLConfig") = "%SuperServer"
    set sc = ##class(Security.Servers).Modify("1972",,.propsSuperServer)
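Because the method above only writes warnings, a container build can finish with the superserver still accepting plain connections. The following read-back check is an added example, not code from the original article: the method name VerifySuperServerTLS is hypothetical, and the meaning of the SSLSupportLevel values (0 disabled, 1 enabled, 2 required) is an assumption based on the Management Portal labels.

```objectscript
/// Added example: read back what EnableSSLSuperServer was meant to set.
/// Returns an error %Status so a container build can stop on a bad setup.
ClassMethod VerifySuperServerTLS(port As %String = "1972", configName As %String = "%SuperServer") As %Status
{
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"

    // 1. The SSL/TLS configuration must exist and be enabled.
    If '##class(Security.SSLConfigs).Exists(configName) {
        Return $system.Status.Error(5001, "SSL/TLS configuration "_configName_" does not exist")
    }
    Set sc = ##class(Security.SSLConfigs).Get(configName, .tls)
    If $system.Status.IsError(sc) Return sc
    If '$Get(tls("Enabled")) {
        Return $system.Status.Error(5001, configName_" exists but is disabled")
    }

    // 2. Every file the configuration points at must be present in the image.
    For prop = "CAFile","CertificateFile","PrivateKeyFile" {
        Set path = $Get(tls(prop))
        If (path '= "") && '##class(%File).Exists(path) {
            Return $system.Status.Error(5001, prop_" not found: "_path)
        }
    }

    // 3. The superserver port must be enabled and bound to that configuration.
    Set sc = ##class(Security.Servers).Get(port,,.srv)
    If $system.Status.IsError(sc) Return sc
    If '$Get(srv("Enabled")) {
        Return $system.Status.Error(5001, "Superserver port "_port_" is disabled")
    }
    If $Get(srv("SSLConfig")) '= configName {
        Return $system.Status.Error(5001, "Port "_port_" uses SSLConfig '"_$Get(srv("SSLConfig"))_"'")
    }

    // Assumption: 0 = disabled, 1 = enabled (plaintext still accepted), 2 = required.
    Set level = +$Get(srv("SSLSupportLevel"))
    If level < 1 {
        Return $system.Status.Error(5001, "TLS is not enabled on port "_port)
    }
    If level = 1 Write !, "NOTE: port "_port_" accepts TLS but does not require it"
    Return $$$OK
}
```

Call it right after EnableSSLSuperServer in the image build and fail the build when the returned status is an error.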

I hope you find it useful!
