Enabling HTTPS for secure communication between d.ecs http gateway and the app instances (optional)
The communication of the d.3one integrations with the browser and d.ecs http gateway is generally encrypted with HTTPS. The communication between the d.ecs http gateway app and the d.ecs content crawler app uses unencrypted HTTP. Apps that are hosted on Internet Information Services (IIS) are excluded: communication for these apps is already encrypted using the TLS protocol (Transport Layer Security Protocol).
You can also encrypt the communication between the d.ecs http gateway app and d.ecs content crawler with a certificate that uses the TLS protocol. The protocol used corresponds to the security standard; the term SSL (Secure Sockets Layer) is used synonymously with TLS.
In order to encrypt the communication, you have to assign a fixed port to enable TLS for d.ecs content crawler. In addition, you need the hash value of the certificate and the application identifier to link the certificate to the port.
Determining the hash value of the certificate to be linked
If you have defined a port for the d.ecs content crawler app, you need to determine the hash value of the certificate that you want to link.
In addition to the hash value, you need an application identifier (app ID). You can use any valid GUID in the format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. Using the hash value and the application identifier, you can link the certificate to the app port.
You can use the same certificate that you use in IIS. If you want to use a different certificate, you can use the properties of the certificate to determine the hash value (fingerprint). Remove any space characters from the value.
Suppose you want to find out the hash value of the certificate.
This is how it works
Start the Windows command prompt as administrator.
Enter the command netsh http show sslcert ipport=0.0.0.0:<Port>. Replace <Port> with the port number you specified when installing d.3one (3401 by default).
Copy the value for Certificate hash, e.g. into a text editor.
Specifying the port in the d.ecs content crawler app
In order to encrypt communication between the apps, you have to enable TLS in the d.ecs content crawler app and assign a fixed port to the app.
This is how it works
Open the bin folder in the installation directory of the d.ecs content crawler app (e.g.: C:\d3\d.3 content crawler\bin).
Open the dvelop.GroupwareCrawler.App.exe.config file with a text editor.
In the appSettings area, enter the value https for protocol (e.g.: <add key="protocol" value="https" />).
Enter a fixed value for port lower bound and port upper bound (e.g.: <add key="port lower bound" value="4010" /><add key="port upper bound" value="4010" />).
Save the file.
Restart the service of the d.ecs content crawler app.
Linking the certificate and port of the d.ecs content crawler app
Once you have specified a port and determined the certificate, you can link the certificate to the port of the d.ecs content crawler app.
This is how it works
Start the Windows command prompt as administrator.
Enter the command netsh http add urlacl url=https://*:<Port>/ user=<User>. Replace <Port> with the port number and <User> with the user running the app.
Enter the command netsh http add sslcert ipport=0.0.0.0:<Port> certstorename=<storename> certhash=<hash> appid={<appid>}. Replace <storename> with the certificate store, <Port> with the port number, <hash> with the saved hash value and <appid> with the application ID.
Confirm the command.
If the port was linked successfully, you can view the linked port in the Windows command prompt using the command netsh http show sslcert. You can also directly display the linked port using the command netsh http show sslcert ipport=0.0.0.0:<Port>. Replace <Port> with the port number.
Then restart the relevant apps to ensure that the apps use HTTPS instead of HTTP when registering at the d.ecs http gateway app.
Example
netsh http show sslcert ipport=0.0.0.0:3401
netsh http add urlacl url=https://*:4000/ user=SYSTEM
netsh http add sslcert ipport=0.0.0.0:4000 certstorename=Root certhash=e31c06568e4b222a92c8434eaa770b26f09a31a3 appid={2131f4cd-d05b-4308-9af1-9caa44b2c74a}
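The linking procedure above can also be scripted. The following PowerShell script is an added example, not part of the vendor documentation: it cleans the copied hash value, checks the certificate in the local machine store, and builds the two netsh commands from the linking step. The parameter names, the default port 4010, the default store My and the user SYSTEM are assumptions to adapt to your installation.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Parameter names and defaults are assumptions:
# port 4010 (the fixed port from the config step), store "My", user SYSTEM.
param(
    [Parameter(Mandatory)][string]$RawThumbprint,  # hash as copied, spaces allowed
    [int]$Port = 4010,
    [string]$StoreName = 'My',
    [string]$User = 'SYSTEM',
    [switch]$Apply                                 # without -Apply: dry run only
)

# Keep hex digits only: drops spaces and invisible characters that can be
# copied along from the certificate properties dialog.
$hash = ($RawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Expected 40 hex digits (SHA-1 thumbprint), got $($hash.Length)."
}

# netsh binds certificates from the local machine store; the certificate
# needs a private key there and must still be valid.
$cert = Get-Item -Path "Cert:\LocalMachine\$StoreName\$hash" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $hash expired $($cert.NotAfter)." }

$appId  = [guid]::NewGuid().ToString()   # any valid GUID is accepted as app ID
$ipPort = "0.0.0.0:$Port"

# Arguments are passed as array elements so PowerShell hands "appid={...}"
# to netsh literally instead of parsing the braces.
$urlAcl  = @('http', 'add', 'urlacl', "url=https://*:$Port/", "user=$User")
$sslCert = @('http', 'add', 'sslcert', "ipport=$ipPort",
             "certstorename=$StoreName", "certhash=$hash", "appid={$appId}")

foreach ($cmd in $urlAcl, $sslCert) {
    if (-not $Apply) { "netsh $($cmd -join ' ')"; continue }
    & netsh @cmd
    if ($LASTEXITCODE -ne 0) { throw "netsh $($cmd -join ' ') failed." }
}

if ($Apply) {
    # Read the binding back and confirm that it carries the intended hash.
    $shown = (& netsh http show sslcert "ipport=$ipPort") -join "`n"
    if ($shown -notmatch $hash) { throw "Binding on $ipPort does not show $hash." }
    "Bound $hash to $ipPort with appid {$appId}"
}
```

Run the script without -Apply first to review the generated netsh commands, then again with -Apply to create the reservation and the binding.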