Running the Management Portal (Private Web Server) Over TLS/SSL/HTTPS

Hi all,

I want to share a quick little method you can use to enable ssl with a self signed certificate on your local development instance of IRIS/HealthShare. This enables you to test https-specific features such as OAuth without a huge lift.

1. Install OpenSSL

Windows: https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.exe

Debian Linux: $ sudo apt-get -y install openssl

RHEL: $ sudo yum install openssl

2. Create a self-signed certificate pair. In your terminal (powershell, bash, zsh, etc)

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache-selfsigned.key -out apache-selfsigned.crt

Note -- This above command will create a certificate that lasts for a year.

3. Edit your private web-server to use the new self-signed certificate pair.

In you instance installation directory, edit your pws config <install-dir>/httpd/conf/httpd-local.conf. Add the following section before the "Include .. " directives.

# Port to listen for secure traffic On. The default is 443
LoadModule ssl_module "modules/mod_ssl.so"
Listen 10443

# Listen Virtual Host Block to define the keys we should use for that port
# If you define a different port in the Listen directive, change that here as well
<VirtualHost *:10443>

    # We need a servername, it has not effect but is required by apache
    ServerName mysecureinstance

    # Turn on SSL for this Virtual Host
    SSLEngine on

    #key files, replace these paths with the path you generated the keys from in step 2.
    SSLCertificateFile "/path/to/apache-selfsigned.crt"

    SSLCertificateKeyFile "/path/to/apache-selfsigned.key"
</VirtualHost>

Here is an example of my config file:

In action:

Note: this type of HTTPS support is not supported by InterSystems and if you need a production product you should follow directions to install apache2 / IIS / nginx in it's full form.