support home
New Release Info

You are here: MyConnection Server » Support » Tutorials » Enable HTTPS for MCS

Enable HTTPS for MCS

Since MyConnection Server v10.1a it's been possible to enable HTTPS for MCS. The process for doing this is detailed in this tutorial.

There are 4 steps to enabling HTTPs/SSL in MCS.

  • Create and apply your company’s SSL certificate. All HTTPs connection must have an SSl certificate
  • Convert the Certificate created in step 1 into a secure OpenSSL PKCS file
  • Package the secure PKS file into Java Key Store (.jks) file for MCS to use
  • Finally configure MCS to find and use the .jks file
STEP 1: Create the combined certificate file

Your company SSL certificate is required for this step… The certificate will consist of 2 files, example yourdomain.com.crt and intermediateCA.crt.

These two file need to be combined together to make one file. The examples below show how to concatenate the two example named certificate files into a new combined file for both Windows and Linux platforms.

Linux Command

For Linux use the 'cat' command line from the Linux command prompt.

cat yourdomain.com.crt IntermediateCA.crt certs.txt

Windows

For Windows use the 'type' command line from the Windows command prompt.

type yourdomain.com.crt IntermediateCA.crt > certs.txt

type text combine command

Step 2: Use OpenSSL to package the certificate file

This step requires the use of the OpenSSL package to convert the new certificate file to the SSL PKCS file.

OpenSSL is commonly found on Linux.

For Windows users:

  • Install the full OpenSSL install exe appropriate for the processer architecture (32 bit or 64 bit)
  • Locate the bin directory in the install folder. By default the path is C:\OpenSSL-Win64\bin
  • Add the bin directory path to the PATH environment variable. This will allow the OpenSSL tool to be used from the command prompt from any directory.
  • Open a command prompt

Browse to the directory that contains the certificate text file and the private .key file (this will have also been provided by the signing authority).

Enter the command below to create the .pkcs12 file

openssl pkcs12 -export -inkey yourdomain.com.key -in certs.txt -out certs.pkcs12

openssl pkcs12
Example Windows command prompt

  • yourdomain.com.key is the key file provided by the signing authority
  • certs.txt is the text file created in the section above that contains the two certificate file contents
  • certs.pkcs12 is the file that will be created through this process

When hitting the enter key on this command a password prompt will appear. Enter a strong password and continue, this will be needed later.

The certs.pkcs12 file will now be created

Step 3: Create the Key Store File (.JKS) for MCS

This step requires the keytool utility, which is available in the Java JDK.

For Windows users the same steps are required from the last step. Add the bin path for the keytool utility to the PATH environment variable.

Open a command prompt (Windows) and browse to the directory that contains the .pkcs12 file from the previous step.

Enter the commands below:

openssl pkcs12 -export -inkey yourdomain.com.key -in certs.txt -out certs.pkcs12

keytool pkcs12 jks
Example Windows command prompt

As the image above shows, a password prompt will present itself. The first and second prompts are asking to enter/verify a new password. The third prompt is asking for the password set in the step above. To clarify, the .pkcs12 file has a password and now the .jks file has a password.

Excellent! A certs.jks (or whatever name was given) file has now been created.

Step 4: Configure MCS so it can find the JKS file

Go to the /data/ directory in the MCS root installation directory, by default on Windows c:\Program Files (x86)\MyConnection Server\Data.

Rename the example-https.ini file to https.ini.

Copy/move the JKS file to the /data/ directory.

Edit the https.ini file to reflect the correct JKS file name, JKS password, and domain name MCS will be running on, as highlighted below:

https.ini myconnection server

Once that has all been done restart the MCS service. MCS should now be accessible via HTTPS and any login requests that come over on HTTP will be redirected to HTTPS, as per the domain set in the https.ini file