Securing URL

Question

Question

Anas Smith · Jun 16

Hi Guys,

Not really familiar with how to secure URLs and using SSLs, but we currently looking to change our url from http:/www to https:/www so my understanding is once we get a certificate its a matter of creating a new SSL/TLS configuration and assign the certificate to it, then what how to apply it in out URL, or do we have to do this in IIS?

Thanks

Product version: Ensemble 2018.1

Discussion (5)2

Log in or sign up to continue

score 0 · Answer 1 · 2024-06-16T08:13:12-04:00

Do you want to use SSL/TLS for incoming connection to IRIS (Ensemble) or want to use SSL/TLS for outgoing connections from IRIS (Ensemble) to other systems, possibly using some HTTP/SOAP/etc. adapter?

Please provide some detail.

score 0 · Answer 2 · 2024-06-16T22:46:37-04:00

If you want to secure your web application, rest/soap api's and SMP then you need to do this in IIS/Apache.

Also if you plan to do this work, it would also be a good idea to disable PWS (private web server) and configure the ports served by PWS also to be served by IIS?Apache.

score 0 · Answer 3 · 2024-06-17T19:17:00-04:00

Thanks Guys, its just to secure access to URL eg. http://mywebsite.com to https://mywebsite.com.

Websites in IIS normally are running in %SystemDrive%\inetpub\wwwroot, is this the same for Ensemble websites when published in IIS and CSPGateway is just the mediator or Intersystems Ensemble website are actually running in CSPGateway, because in our case we are only applying the certificate for only one URL?

Thanks

score 0 · Answer 4 · 2024-06-17T22:01:49-04:00

essentially the webgateway/cspgateway relays the non-static portions of your website to Ensemble for processing and serving.

refer to: WebGateway Introduction | InterSystems IRIS Data Platform 2024.1

score 0 · Answer 5 · 2024-06-18T16:44:02-04:00

If you are accessing them through IIS now (i.e. using port 80) then you just need to get the SSL certificate set up in IIS and you'll be able to access those URLs using HTTPS. Keep in mind that HTTPS by default uses port 443, so you may have to make a firewall change accordingly.

You may also want to consider setting up a URL rewrite so that requests that come in as HTTP are redirected to their new HTTPS versions.