Running the Management Portal (Private Web Server) Over TLS/SSL/HTTPS
Updated Jan 19th, 2023.
Hi all,
I want to share a quick little method you can use to enable SSL with a self-signed certificate on your local development instance of IRIS/HealthShare. This enables you to test HTTPS-specific features such as OAuth without a huge lift.
1. Install OpenSSL
Windows: Download from https://www.openssl.org or use another prebuilt OpenSSL binary.
Debian Linux: $ sudo apt-get -y install openssl
RHEL: $ sudo yum install openssl
2. Create a self-signed certificate pair. In your terminal (PowerShell, bash, zsh, etc.):
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache-selfsigned.key -out apache-selfsigned.crt
Note: the command above creates a certificate that is valid for one year.
3. Edit your private web-server to use the new self-signed certificate pair.
In your instance installation directory, edit the private web server (PWS) config file <install-dir>/httpd/conf/httpd-local.conf. Add the following section before the "Include .. " directives.
# Port to listen on for secure traffic. The default is 443.
# Update Jan 19th, 2023: No longer required to manually load the ssl_module
# LoadModule ssl_module "modules/mod_ssl.so"
Listen 10443
# Virtual host block that defines the keys to use for that port.
# If you define a different port in the Listen directive, change it here as well.
<VirtualHost *:10443>
    # We need a server name. If your certificate has a server name, make sure to match it here.
    ServerName mysecureinstance
    # Turn on SSL for this virtual host
    SSLEngine on
    # Key files. Replace these paths with the location of the files you generated in step 2.
    SSLCertificateFile "/path/to/apache-selfsigned.crt"
    SSLCertificateKeyFile "/path/to/apache-selfsigned.key"
</VirtualHost>
[Image: example of the author's config file]
[Image: the setup in action]
Note: using the private web server for anything other than server management may cause performance problems and isn't explicitly supported for a production configuration. A better option would be to configure an Apache (httpd) or IIS web server using the default Web Gateway. You can find instructions to configure a dedicated web server in our Web Gateway Guide, or contact someone at InterSystems.
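Step 2 as a non-interactive script, with checks worth running before the private web server is restarted with the step 3 config: the key belongs to the certificate, the certificate names the ServerName, the unencrypted key is not readable by other users, and the certificate has not expired. This is an added example, not part of the original post; the function names are illustrative, and it assumes a POSIX shell with OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Assumes a POSIX shell and OpenSSL 1.1.1 or newer (needed for -addext).

# make_pair NAME DIR: step 2 without the interactive prompts. CN and
# subjectAltName are set to NAME so the certificate matches ServerName.
make_pair() {
    (
        umask 077   # -nodes leaves the key unencrypted: keep it owner-only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
            -keyout "$2/apache-selfsigned.key" \
            -out "$2/apache-selfsigned.crt" 2>/dev/null
    )
}

# pair_matches CRT KEY: true only if CRT carries the public half of KEY.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_names_host CRT NAME: true if NAME is covered by the certificate.
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# key_is_private KEY: true if group and others have no access to KEY.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# check_pair CRT KEY NAME: run every check, report each failure, and return
# non-zero if any failed, so it can gate a web server restart.
check_pair() {
    rc=0
    pair_matches "$1" "$2"    || { echo "FAIL: key does not belong to certificate"; rc=1; }
    cert_names_host "$1" "$3" || { echo "FAIL: certificate does not name $3"; rc=1; }
    key_is_private "$2"       || { echo "FAIL: key readable by group/others"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || { echo "FAIL: certificate expired or unreadable"; rc=1; }
    return $rc
}

# Optional: sh thisfile.sh mysecureinstance /path/to   (generate, then check)
if [ $# -eq 2 ]; then
    make_pair "$1" "$2" &&
        check_pair "$2/apache-selfsigned.crt" "$2/apache-selfsigned.key" "$1"
fi
```

Pass the same name to the script that you put in the ServerName directive, and point SSLCertificateFile and SSLCertificateKeyFile at the directory you gave it.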