This article applies to the following products:
- Messageware Exchange Protocol Guard 2019
- Messageware Exchange Protocol Guard 2016
- Messageware Exchange Protocol Guard 2013
- Messageware OWA Guard 2016
- Messageware OWA Guard 2013
- Messageware OWA Guard 2010
SUMMARY
EPG Reports rely on SQL Reporting Services that by default are using port 80 for communication with the database. The article presents a way to enable more secure way of communication using encrypted traffic using HTTPS port 443.
STEPS
If no Certificate Authority is installed in the domain, we will have to generate a Self-Signed to be able to use it to encrypt the traffic
On the SQL server, please perform the steps below to generate a Self-Signed certificate and install it to both Personal Store and Trusted Root Certifications authorities
- The scripts uses a path "c:\Temp". Please confirm that Temp folder exists on the C drive before proceeding to step 2.
- Open PowerShell as Administrator and type the following commands
- New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\my -dnsname SQLHOSTNAME -NotAfter (Get-Date).AddMonths(60) (please replace the SQLHOSTNAME with an actual Hostname of your SQL Server)
- $pwd=ConvertTo-SecureString "password" -asplainText -force (please replace the password with a more complicated string)
- $file="C:\temp\SQLcertificate.pfx" (the location where the certificate will be exported)
- Export-PFXCertificate -cert cert:\LocalMachine\My\<Thumbprint produced during first command> -file $file -Password $pwd (Export the certificate to a file)
- Import-PfxCertificate -FilePath $file cert:\LocalMachine\root -Password $pwd (the command imports the generated certificate into the Trusted Root Certification Authorities store)
- Configure the SQL Reporting Services to use the new certificate and enable the HTTPS protocol
- On the SQL Server open the Report Server Configuration Manager
- Switch to Web Service URL
- Click “Advanced” and click Add under HTTPS on the bottom of the window
- Choose the certificate from the list and Click OK
- The Reporting Service are now configured to use both HTTP and HTTPS traffic.
- Optionally - For better security the HTTP protocol can be removed from the list, leaving only HTTPS as active.
(Optional step – removing HTTP port)
- Move the generated certificate file to the machine where the EPG Web Management is installed.
- Copy the file generated in the first step – in the above example the file is saved under C:\temp\SQLcertificate.pfx – to the Server where the EPG Web Management is installed
- On the destination Server double click on the file and in the first window choose “Local Machine”
- When asked for a password, provide the password that was set in step 1.1 above
- On the next screen select “Place all certificates in the following store”, click Browse and select “Trusted Root Certification Authorities” from the list and click OK.
- Click Next and Finish the installation
- Configure EPG-Reports to use the new HTTPS URL
- Open EPG-Reports URL
- Switch to Settings tab
- Replace the Reporting Services URL with the new URL starting with HTTPS://
- Press Save on the top of the page