Smart Connector: http end point using https data source with self signed certificate

ChrisLaurentius · ‎2018-06-11

Hi,

How do I set Smart Connector http end point with https source using self signed certificate?

I am always getting incorrect user name & password from the smart connector end point defined, despite using correct user name and password.

I am working on a client where they are changing all end point data source (SBO, PME, and DCE) from http to https.

All those systems are using self signed certificate.As Smart Connector is at the backend, we may not need to use https for Smart Connector's end point, yet.

This is similar to Adam Summers post, but he is defining the SC end point as https.

-I will post another question for that test (https SC end point with https data source)

EWS RESTful EWS Gateway binding with HTTPS

Setup:

Smart Connector version SmartConnector-2.3.117 with ISC.CustomSoapRestProvider.dll

Data source: DCE 750 on https only using self signed certificate.

Test done, setting SC http end point with https source using self signed

1.Downloaded DCE's self signed certificate from browser

2. Added DCE.cer to both Local Computer's Trusted Root CA and Personal

I can open a web browser from this windows where SC is to DCE's https without any prompt on untrusted certificate.

3.Defined SC end point as http, but with https DCE EWS source:

4.I can access http end point, but it always stated incorrect password, despite using correct user name and password

5.SOAP UI to DCE EWS via https using the same user name and password works:

Adam_Summers · ‎2018-06-13

Jeff, I'm supporting Chris on this one. There are 2 separate issues he's having. I haven't got to looking at the HTTPS to the API but am sure this is just a certificate issue. If I find anything useful to share with the community I will do on this post. I've been working with him on the https connection from the API to the ES, the following is useful for reference. If anyone want's to use the HTTP Rest Gateway and secure communication from the API to ES (which of course you should ) then my advice is to follow this topic and generate a new self signed certificate in the ES and add this to the Trusted Root Certificate store on the SmartConnector server Follow the guide here http://help.sbo.schneider-electric.com/Topics/show.castle?id=10339&locale=en-US&productversion=2.0&a... - after that simply setting the endpoint address to https should work. If you are seeing the error "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The remote certificate is invalid according to the validation procedure." in your log, then you need to add the certificate of the server (ES/AS) to your machine. It is advisable to generate a new certificate rather than use the default one.

See Answer In Context

JeffBowman · ‎2018-06-13

Hi Christopherus,

If I understand this questions correctly, you want to be able to connect to DCE from the SOAP EWS Rest Provider over HTTPs.(but the REST Endpoint is still HTTP)

Unfortunately the screenshots that are attached here are too small and I can't make out what your settings are set as. But in theory if HTTPS is configured on the EWS Endpoint (in this case DCE) then in theory.. All you need to do is set the 'Server Address' field in the SOAP EWS REST Provider to have a URL that starts with https:// instead of http:// (and of course, set the correct port if it is not the default HTTPS port)

If this doesn't work, can you set the logging level to TRACE, and turn on Rest Serve and Ews Consume logging filters to 'True', then run some tests using Swagger again, and attach those logs here?

Regards,

-Jeff

Adam_Summers · ‎2018-06-13

Jeff, I'm supporting Chris on this one. There are 2 separate issues he's having. I haven't got to looking at the HTTPS to the API but am sure this is just a certificate issue. If I find anything useful to share with the community I will do on this post. I've been working with him on the https connection from the API to the ES, the following is useful for reference. If anyone want's to use the HTTP Rest Gateway and secure communication from the API to ES (which of course you should ) then my advice is to follow this topic and generate a new self signed certificate in the ES and add this to the Trusted Root Certificate store on the SmartConnector server Follow the guide here http://help.sbo.schneider-electric.com/Topics/show.castle?id=10339&locale=en-US&productversion=2.0&a... - after that simply setting the endpoint address to https should work. If you are seeing the error "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The remote certificate is invalid according to the validation procedure." in your log, then you need to add the certificate of the server (ES/AS) to your machine. It is advisable to generate a new certificate rather than use the default one.

JeffBowman · ‎2018-06-13

Thanks for the update Adam Summers!

-Jeff

ChrisLaurentius · ‎2018-06-13

Adam Summers, your suggestion works, just the common name.

Was simply missing:

the self signed certificate entry for Common Name (CN), use source ip address if host name/dns is not available.

As earlier, this self signed certificate needs to be added to the trusted root certificate on the Windows where SC is installed

In pictures, easier, also for my own reference...

EBO:

In DCE: