HTTPS and SSL access (Engineering and Client Runtime) 



Basic Concepts (Summary)

What is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. It uses SSL/TLS to encrypt the communication between client and server, ensuring:

    • Confidentiality – Data is encrypted and cannot be read by third parties.

    • Authenticity – Verifies that the server is who it claims to be.

    • Integrity – Ensures that data has not been modified in transit.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that:

    • Establish a secure channel between two endpoints.
    • Use asymmetric encryption to exchange a symmetric session key.

    • Require a digital certificate to prove the server’s identity.

What is a Digital Certificate?

A digital certificate is a file used to establish trust and enable encryption. It is:

    • Issued by a Certificate Authority (CA).

    • Used by the server to prove its identity to the client.

    • Typically stored in .pfx, .crt or .pem formats.

    • Contains the public key, server name, expiration date, and the CA signature.

Without a valid certificate, HTTPS cannot be established. The certificate must be installed and properly referenced in the server configuration.


Configuring HTTPS/SSL in the system

Components with SSL Support

| Component | Purpose | SSL Configuration |
|---|---|---|
| TWebServices | Server for engineering access (Solution Manager, Designer, files) | TWebServices.json |
| TServer | Runtime server: modules, data, file access | TServer.json + "SSL" checkbox in Designer |




JSON File Location and Structure

Configuration files are located at:

C:\Users\Public\Documents\FrameworX\MachineSettings\

Examples:

    • TWebServices.json

    • TServer.json

tRPCServer section example:

"tRPCServer": {
    "CertFileName_3111": "C:\\Users\\Public\\Documents\\FrameworX\\MachineSettings\\https\\Certificate.pfx",
    "CertPass_3111": "YourCertificatePassword"
}

      • CertFileName_<port> / CertPass_<port>: Define the certificate file and its password for a specific port (3111 is only an example port).

      • Recommended: Use port-specific entries to ensure only specific ports are secured.

      • Avoid using CertFileName without a port suffix unless you intend to secure all ports.
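
The following Python check is an added example, not part of FrameworX or its documentation. It applies the rules above to a settings file: it flags certificate keys without a port suffix, CertFileName_<port> entries without a matching CertPass_<port>, and certificate paths that are not .pfx. It assumes the tRPCServer section sits at the top level of the JSON file; the sample content and the function name audit_trpc_section are constructed for illustration.

```python
import json
import re
from pathlib import PureWindowsPath

# Constructed sample. The page shows only the "tRPCServer" fragment; placing it
# at the top level of the file is an assumption of this example.
SAMPLE = r'''{
  "tRPCServer": {
    "CertFileName_3111": "C:\\Users\\Public\\Documents\\FrameworX\\MachineSettings\\https\\Certificate.pfx",
    "CertPass_3111": "YourCertificatePassword",
    "CertFileName_3112": "C:\\certs\\other.crt",
    "CertFileName": "C:\\certs\\all.pfx"
  }
}'''

# Matches CertFileName / CertPass with an optional _<port> suffix.
KEY = re.compile(r"^(CertFileName|CertPass)(?:_(\d+))?$")

def audit_trpc_section(config_text):
    """Return (ports with a complete certificate entry, list of findings)."""
    section = json.loads(config_text).get("tRPCServer", {})
    files, passwords, findings = {}, {}, []
    for key, value in section.items():
        m = KEY.match(key)
        if not m:
            continue  # unrelated setting, not audited here
        kind, port = m.group(1), m.group(2)
        if port is None:
            findings.append(f"{key}: no port suffix")
            continue
        (files if kind == "CertFileName" else passwords)[int(port)] = value
    for port in sorted(set(files) | set(passwords)):
        if port not in files:
            findings.append(f"port {port}: CertPass without CertFileName")
            continue
        if port not in passwords:
            findings.append(f"port {port}: CertFileName without CertPass")
        if PureWindowsPath(files[port]).suffix.lower() != ".pfx":
            findings.append(f"port {port}: certificate is not a .pfx file")
    complete_ports = sorted(p for p in files if p in passwords)
    return complete_ports, findings

if __name__ == "__main__":
    ports, findings = audit_trpc_section(SAMPLE)
    print("ports with a certificate and password:", ports)
    for finding in findings:
        print("finding:", finding)
```

A port listed as complete still needs the SSL checkbox set in Designer for TServer, which this check cannot see.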


Component Behavior Details

TWebServices

    • Handles access to engineering tools and shared resources.

    • Runs once per machine, not suitable for multi-port setups.

    • To enable HTTPS:

      • Configure TWebServices.json with your certificate.

      • Configure Solution Location in the Solution Manager, Server Information tab, to use "https://...."

TServer

    • Manages runtime data, file access, modules, and client communication.

    • Supports multiple instances, each listening on a different port.

    • Allows enabling SSL per port, suitable for running multiple secured and unsecured projects simultaneously.


Configuration Steps

    1. Obtain or generate a valid digital certificate (.pfx format).

    2. Copy it to:

      C:\Users\Public\Documents\FrameworX\MachineSettings\https\

    3. Edit TWebServices.json and/or TServer.json to reference the certificate.

    4. For TServer, enable the SSL checkbox in Designer under Runtime Startup.

    5. Restart the relevant executables to apply changes.


Generating .pfx from .crt, .ca, .key, .csr

1. Concatenate certificate and CA chain:

cat your_cert.crt your_ca.crt > full_cert.crt

2. Generate .pfx:

openssl pkcs12 -export \
    -out certificate.pfx \
    -inkey private.key \
    -in full_cert.crt \
    -certfile your_ca.crt


This command will prompt for a password. Use that same password in your CertPass_<port> entry.


Client Access URLs (HTTP vs HTTPS)

Enabling SSL on a port does not disable non-SSL access on a different port. Each protocol must use its own port.

SmartClient

      • Without SSL:

        http://127.0.0.1:3101/smartclient

      • With SSL:

        https://127.0.0.1:3111/smartclient

Port must be configured in TServer.json and defined as SSL Port in Designer.

HTML5 Client

      • Without SSL:

        http://127.0.0.1:3101/html5

      • With SSL:

        https://127.0.0.1:3111/html5

Port must be configured in TServer.json and defined as SSL Port in Designer.


Best Practices

  • Use port-specific certificate configuration.

  • Always deploy SSL in production environments.

  • Keep .pfx backups and store passwords securely.

  • Validate certificate installation.

