Configuring the ETS Secure Connection

The ETS Server can be configured to allow a secure connection with the Web and EOM Servers. This configuration is only applicable when using CoreDB/RTEDsr authentication. For more information, refer to Configuring a Secure Connection (HTTPS) when Using DSR Security.

Note

Ensure that the Remove SSL requirement checkbox was not selected during installation. For more information, refer to Installing the Customer Configuration Overlay on the ETS Server.

This task uses the following files.

File nameLocation
web.config%PROGRAMFILES(X86)%\NCR\WebOffice
AuthDefs.xml%PROGRAMDATA%\NCR\AdvancedStore\Server\ServerParams\Global

To configure a secure connection on the ETS Server, follow these steps:

  1. Obtain a valid SSL certificate and import it to the Internet Information Services (IIS) Manager.
  2. Bind the certificate in the IIS Manager.
    Note

    Bind the Default Web Site to port 443 and the WebOffice site to port 444.

  3. Add the SSL certificate as trusted in Microsoft Management Console (MMC).
  4. Open the web.config file.
  5. Locate the following lines:

    <add key="DSRHost" value="localhost" />

    <add key="DSRHostPort" value="80" />

    <add key="DSRHostProtocol" value="http" />

  6. Enter the fully-qualified domain name (FQDN) or IP address that matches the Web Server certificate as the value for the DSR Host key.
    Example

    <add key="DSRHost" value="153.77.213.202" />

  7. Enter 443 as the value for the DSR Host Port key.
    Example

    <add key="DSRHostPort" value="443" />

  8. Enter https as the value for the DSR Host Protocol key.
    Example

    <add key="DSRHostProtocol" value="https" />

  9. Locate the endpoint address attributes under the client element.

  10. Replace the http URLs with https.
    Example

    <endpoint address="https://localhost:8080/webofficesecurity/HostMenuProvider.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMenuProvider" contract="ServiceMenuProvider.IMenuProvider" name="WSHttpBinding_IMenuProvider" />

  11. Enter the ETS Server fully-qualified domain name (FQDN) or IP address as the value for all the endpoint address URLs.
    Example

    <endpoint address="https://153.77.213.148:444/webofficesecurity/HostMenuProvider.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMenuProvider" contract="ServiceMenuProvider.IMenuProvider" name="WSHttpBinding_IMenuProvider" />

    Note

    The port number should be the WebOffice port used during binding: 444.

  12. Update the DSR Authorizer configuration definition in the AuthDefs.xml file.
    1. Locate the config elements under the <AUTH_ID>RTEDsr</AUTH_ID> tag.
    2. Enter the fully-qualified domain name (FQDN) or IP address of the Web Server as the value for the DSR Host config.
      Example

      <CONFIG>DSRHost=153.77.213.202</CONFIG>

    3. Enter 443 as the value for the DSR Host Port config.
      Example

      <CONFIG>DSRHostPort=443</CONFIG>

    4. Enter https as the value for the DSR Host Protocol config.
      Example

      <CONFIG>DSRHostProtocol=https</CONFIG>

  13. Run iisreset from the Command Prompt window.
  14. Access the following URL to verify the secure connection: https://<ETS Server Machine Name>:444