KNOWLEDGE BASE ARTICLE

Enabling HTTPS in Umango 23

To enable HTTPS support in Umango, you will need to assign and configure an x509 certificate. This article assumes you have already purchased a suitable, fully signed x509 certificate that is ready for use. You cannot use a self-signed certificate on most MFP devices (refer to manufacturer specifications for details).


Note: Not all MFDs support HTTPS, so enabling this feature may break embedded apps. There are also traffic routing requirements to be considered. Please read the section below discussing device embedded apps.

To prepare the certificate for use, import your .pfx x509 certificate file into the 'Trusted Publisher' certificate store on the Umango server and ensure that the Umango Windows service logon account has permissions to access the store.

Once your certificate is imported and ready for use, you will need to create 2 entries in the registry to point Umango at the certificate. These entries should be string values stored in the registry key below:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Umango

These string values are:

x509.https

The https value should be set to "true". This will ensure TLS 1.2 is enabled.

x509.certificate

The certificate value should reference either:
  • The serial number, thumbprint or subject name of the certificate in the certificate store; or
  • The file path of your x509 certificate file. Include the full path to the file.

x509.passphrase [Optional]

The passphrase is the certificate password you assigned when creating your certificate. This should only be used when your certificate is a reference to the file path of the certificate file.

Note: As this passphrase is stored in plain text, we strongly recommend that you do not use the file reference method. If you do, restrict the permissions on the registry key so that no users can view it unless they need to do so.

Once all the settings have been correctly applied, you will need to restart the Umango Windows Service. Once restarted, HTTPS will be enabled and the https protocol will need to be used to access any web services within Umango. Plain HTTP requests will no longer be accepted.
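
The steps above for a certificate-store reference, as an added PowerShell example (not Umango's own script). The thumbprint and service name are placeholders, and the machine-level Trusted Publishers store path is an assumption about where the .pfx was imported.

```powershell
# Added example. Values marked PLACEHOLDER are assumptions, not from the article.
$thumbprint  = '<PLACEHOLDER-CERT-THUMBPRINT>' -replace '\s', ''
$serviceName = '<PLACEHOLDER-UMANGO-SERVICE-NAME>'      # look up the real name in services.msc
$regPath     = 'HKLM:\SOFTWARE\Umango'
$store       = 'Cert:\LocalMachine\TrustedPublisher'    # assumes the machine-level store

# 1. Confirm the certificate is in the store, carries its private key and is in date.
$cert = Get-ChildItem -Path $store | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert)                    { throw "Certificate $thumbprint not found in $store" }
if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key; re-import the .pfx' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# 2. Write the two string values named in the article.
if (-not (Test-Path -Path $regPath)) { throw "$regPath not found; run this on the Umango server" }
New-ItemProperty -Path $regPath -Name 'x509.https' -Value 'true' `
    -PropertyType String -Force | Out-Null
New-ItemProperty -Path $regPath -Name 'x509.certificate' -Value $thumbprint `
    -PropertyType String -Force | Out-Null

# 3. A store reference needs no passphrase; flag a leftover plain-text value.
if (Get-ItemProperty -Path $regPath -Name 'x509.passphrase' -ErrorAction SilentlyContinue) {
    Write-Warning 'x509.passphrase is set but unused with a store reference; consider deleting it.'
}

# 4. Review who can read the key (relevant if a passphrase is ever stored here).
(Get-Acl -Path $regPath).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType |
    Format-Table -AutoSize

# 5. Restart the service so the new settings take effect.
Restart-Service -Name $serviceName
```

Run it from an elevated PowerShell session on the Umango server.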

Deployment Sequence

The correct sequence for configuring and deploying https support across Umango and embedded devices:
  1. Ensure your network and x509 certificate are conducive to your deployment requirements (see the article covering configuration considerations)
  2. Uninstall (remove as a source) Umango from any MFPs that Umango is deployed to (existing apps will have HTTP and IP-based launch URLs that will not work when HTTPS is enabled)
  3. Configure and enable your x509 certificate as detailed above
  4. Set a value of UrlDomain (in Umango's advanced configuration settings) to the x509 certificate's Common Name (FQDN/Hostname). Refer to the configuration settings instructions for information on setting the UrlDomain
  5. Restart the Umango service
  6. Ensure Umango is accessible via https using the FQDN/Hostname
  7. Deploy Umango to any required devices


Link to this article http://umango.com/KB?article=123