KNOWLEDGE BASE ARTICLE

Configuring Umango for SSL/TLS in Umango 21

Applies to pre Umango 23 versions. For configuration of Umango 23 or later, refer to the newer article on this topic.

To enable https support in Umango, you will need to assign and configure an x509 certificate in the Umango .config file. This article assumes you have already acquired a suitable, fully signed x509 certificate that is ready for use.

Note: not all MFD's support https so enabling this feature may break embedded apps.

To configure the certificates use, edit the UmangoService.exe.config text file. This file is found in your programs folder which is typically located at:

C:\Program Folders\Umango\2X\UmangoService.exe.config

Once open, look for the following entries...
 
<!--add key="x509.https" value="off" /-->
<!--add key="x509.certificate" value="C:\My\Path\cert.pfx" /-->
<!--add key="x509.passphrase" value="mypassword" /-->
 
Each of these entries needs to be enable and configured. To enable them you need to remove the "!--" in the leading  "<!--" and the "--" from the trailing /--> as these additions quote-out the values. After enabling these settings, they should appear like this...

<add key="x509.https" value="on" />
<add key="x509.certificate" value="C:\My\Path\cert.pfx" />
<add key="x509.passphrase" value="mypassword" />
Now you will need to update each setting's value to accommodate your certificate.

x509.https

The https value should be set to "on". This will ensure TLS1.2 is enabled.

x509.certificate

The certificate value should reference either;
  • The file path of your x509 certificate file. Include the full path to the file.
  • In versions since 21.12, the serial number, thumbprint or subject name of a valid certificate in the certificate store.

x509.passphrase

Where required by your certificate, the passphrase is the certificate password you assigned when creating your certificate.

Note: As this password is open text, we strongly recommend that you do not use it or, if you do, that your security settings are set to ensure that no users can view this config file that do not need to do so.

Once all the settings have been correctly applied and the .config file has been saved, you will need to restart the Umango Windows Service. Once restarted, HTTPS will be enabled and the https protocol will need to be used to access any web services within Umango. Simple HTTP protocol requests will no longer be accessible.

Link to this article http://umango.com/KB?article=110