Security

Owned by Claudius Hörth
Feb. 08, 2024

Congree Bulk Check Service is ready to use SSL. If service consumer requires SSL, it can be configured using the following steps.

Configuring IIS

Open IIS Configuration manager on machine where Congree Bulk Check Service is installed.

If SSL is not configured before in IIS: For "Default Web Site" select "Edit bindings..." from the context menu, click "Add" and select https type.


On this step SSL certificate should be selected. A company which will use the Congree Bulk Check Service should have or generate (http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis) own certificate.

Configuring Congree Bulk Check Service

In common workflow, BCS installer takes care of service's security configuration. If the service does not work after IIS has been configured, or You have installed it in unsecure mode, use the following instructions to verify/activate SSL communication ability.

Open web.config file in the directory of Congree Bulk Check Service. Find "service" element with the name "Congree.BulkCheck.IISHost.BulkCheckService" and make sure that two endpoints exist with "bindingConfiguration" equal "DefaultHttpBinding" and "SslHttpBinding". It means that "BulkCheckService" supports both communication via HTTP and HTTPS.

It should look in the following way:

<service name="Congree.BulkCheck.IISHost.BulkCheckService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="DefaultHttpBinding" contract="Congree.BulkCheck.Contracts.Linguistic.IBulkCheckService"/>
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="SslHttpBinding" contract="Congree.BulkCheck.Contracts.Linguistic.IBulkCheckService"/>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>

Note that modifications made to the configuration will be overwritten when BCS is reinstalled.

Configuring client machines

Microsoft Windows

After certificate is configured in IIS for HTTPS it should be added to Trusted Root Certificate Authorities on the client machines which will consume Congree Bulk Check Service.
To do this, open mmc.exe, select "Add or Remove Snap-ins", select "Certificates" for computer or personal account, click "Import" for Trusted Root Certificate Authorities and select certificate file (.cer) which is selected in IIS configuration.


Java environment

Open folder where currently used JRE version is installed (e.g. "C:\Program Files (x86)\Java\jre1.8.0_66\bin"). Run the following command line from JRE directory: 

keytool -import -alias CongreeBulkCheckSSL -file <certificatePath> -keystore <keyStorePath> -storepass <keyStorePassword>

where:

  • certificatePath is a path to .cer file generated on the first step;
  • keyStorePath is a path to JRE certificate store (e.g. "c:\Program Files (x86)\Java\jre1.8.0_66\lib\security\cacerts");
  • keyStorePassword is password for the certificate store. Note that by default "changeit" value is used for JRE certificate store.