Enabling SSL between FlowForce Web Server and FlowForce Server
The communication between FlowForce Web Server (FFW) and FlowForce Server (FFS) depends on how you have configured their SSL options, as described previously, namely:
•If you have configured FFS to accept unencrypted connections and disabled SSL, then communication between the two is unencrypted (by default, via port 4646).
•If you have configured FFS for SSL and disabled unencrypted connections, then communication between FFW and FFS is encrypted (by default, via port 4647).
The details of how FFW communicates with FFS are displayed at the top of the Login page, for example:
In the example above, FFW connects to FFS at local address 127.0.0.1, through an encrypted connection on port 4647 (the connection is encrypted assuming that you have enabled SSL for FFS on this port specifically).
You can also change the connection details between FFW and FFS manually, by editing their respective .ini files from the data subdirectory of the FlowForce Server Application Data directory.
Do the following in the flowforce.ini file:
1.In the [ListenSSL] section, enter values for the following parameters:
[ListenSSL] ssl=1 port=4647 hostname=server.my.domain.com |
•The ssl and active parameters must be set to 1 (enabled).
•The host must be 0.0.0.0 (all interfaces)
•The hostname must match the Common Name of the SSL certificate used by FlowForce Server.
•The port must be other than the default 4646 port used for unencrypted connections. For example, you can set it to 4647, if this port is not already in use.
2.In the [SSL] section, enter the path to the certificate and private key available for FlowForce Server. This is the same certificate and private key pair mentioned in Enabling SSL for FlowForce Server. For example:
[SSL] certificate_chain= |
Do the following in the flowforceweb.ini file:
1.If it does not exist already, add a section called [FlowForce], and type values for the following parameters:
[FlowForce] host=127.0.0.1 port=4647 |
•The ssl parameter must be enabled (set to 1).
•The host in this case is 127.0.0.1 since the communication between FFS and FFW is local.
•The port must point to the port where FFS accepts encrypted connections (4647, by default).
•The certificate defines the local path to the FFS certificate file (or the path to the common certificate of FFS and FFW, if both are using the same).
Note: After you finished editing the .ini files, restart both the FlowForce Server and the FlowForce Web Server services. For more information, see:
•Starting and Stopping Services (Linux)