0
Answered

Binding UNIFYBroker endpoint/API to https

Paul Zelenewicz 2 months ago • updated by Beau Harrison (Software Developer) 1 month ago 5

Hi team, 

Is it possible to bind the UNIFYBroker API/endpoint (http://servername:5999[0/1]) to https?

Affected Versions:
Fixed by Version:

Answer

Answer
Under review

Hi Paul, we don't have it documented, but it is possible.

  1. Ensure you certificate is installed as a local machine certificate, not a user certificate.
  2. Follow these instructions To bind an SSL certificate to a port number. The appid can be any valid GUID.
  3. Update the configuration for the API. If you're modifying the default API, make sure you have a correctly configured web component ready to confirm the API changes.

Let me know if anything is incorrect or unclear. I'll turn these instructions into proper documentation based on your feedback.

Answer
Under review

Hi Paul, we don't have it documented, but it is possible.

  1. Ensure you certificate is installed as a local machine certificate, not a user certificate.
  2. Follow these instructions To bind an SSL certificate to a port number. The appid can be any valid GUID.
  3. Update the configuration for the API. If you're modifying the default API, make sure you have a correctly configured web component ready to confirm the API changes.

Let me know if anything is incorrect or unclear. I'll turn these instructions into proper documentation based on your feedback.

Hi Beau,

That definitely worked for the API.

I also updated the file 'Unify.Connect.Service.exe.config' so that the stuff on port 59990 was https'd - service starts fine, but when I update 'web.config' to point <appSettings> 'entityContextAddress' and 'adapterEntityContextAddress' to https, the web site dies - although it runs happily if I leave it as http.

I don't really understand what these are doing, is there something additional that needs to be done?

FYI: line 161 of unify.connect.service.exe.config is wrong (compare with the default http section)

says: contract="Unify.Product.IdentityBroker.IIdentityBrokerEngineNotificationCollector"

should be: contract="Unify.Product.IdentityBroker.IIdentityServiceCollector"

Cheers. 

Hi Paul, you shouldn't have to touch Unify.Connect.Service.exe.config at all. Nothing in there relates to the API.

Check the documentation I linked in step 3 again. The element you need to change has the key apiAddress. The ones you changed also are not related to the API.

Hi Paul, did you get this working?

Answered

Updated documentation with the above instructions