Page History

...

Info

icon	false
title	Introduction

Basic Concepts (Summary)

What is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. It uses SSL/TLS to encrypt the communication between client and server, ensuring:

- Confidentiality – Data is encrypted and cannot be read by third parties.
- Authenticity – Verifies that the server is who it claims to be.
- Integrity – Ensures that data has not been modified in transit.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that:

- - Establish a secure channel between two endpoints.
- Use asymmetric encryption to exchange a symmetric session key.
- Require a digital certificate to prove the server’s identity.

What is a Digital Certificate?

A digital certificate is a file used to establish trust and enable encryption. It is:

- Issued by a Certificate Authority (CA).
- Used by the server to prove its identity to the client.
- Typically stored in .pfx, .crt or .pem formats.
- Contains the public key, server name, expiration date, and the CA signature.

Without a valid certificate, HTTPS cannot be established. The certificate must be installed and properly referenced in the server configuration.

Configuring HTTPS/SSL in the system

Components with SSL Support

Component	Purpose	SSL Configuration
TWebServices	Server for engineering access (Solution Manager, Designer, files)	`TWebServices.json`
TServer	Runtime server: modules, data, file access	`TServer.json` + "SSL" checkbox in Designer

...

JSON File Location and Structure

Configuration files are located at:

...

- TWebServices.json
- TServer.json

`tRPCServer` section example:

json:
"tRPCServer":

{

"CertFileName_3111": "C:\\Users\\Public\\Documents\\FrameworX\\MachineSettings\\https\\Certificate.pfx",

...

- - CertFileName_<port> / CertPass_<port>: Define the certificate for a specific port. (3111 is just a port example)
  - Recommended: Use port-specific entries to ensure only specific ports are secured.
  - Avoid using CertFileName without a port suffix unless you intend to secure all ports.

...

Component Behavior Details

TWebServices

- Handles access to engineering tools and shared resources.
- Runs once per machine, not suitable for multi-port setups.
- To enable HTTPS:
  - Configure TWebServices.json with your certificate.
  - Configure Solution Location in Solution Manager → Server Information tab to use "https://...."

TServer

- Manages runtime data, file access, modules, and client communication.
- Supports multiple instances, each listening on a different port.
- Allows enabling SSL per port, suitable for running multiple secured and unsecured projects simultaneously.

...

Configuration Steps

1. Obtain or generate a valid digital certificate (.pfx format).
2. Copy it to:
  C:\Users\Public\Documents\FrameworX\MachineSettings\https\
3. Edit TWebServices.json and/or TServer.json to reference the certificate.
4. For TServer, enable the SSL checkbox in Designer under Runtime Startup.
5. Restart the relevant executables to apply changes.

...

Generating `.pfx` from `.crt`, `.ca`, `.key`, `.csr`

1. Concatenate certificate and CA chain:

`cat your_cert.crt your_ca.crt > full_cert.crt`

2. Generate `.pfx`:

`openssl pkcs12 -export \ -out certificate.pfx \ -inkey private.key \ -in full_cert.crt \ -certfile your_ca.crt`

This command will prompt for a password. Use that same password in your CertPass_<port> entry.

...

Client Access URLs (HTTP vs HTTPS)

Enabling SSL on a port does not disable non-SSL access on a different port. Each protocol must use its own port.

SmartClient

- - Without SSL:
    http://127.0.0.1:3101/smartclient
  - With SSL:
    https://127.0.0.1:3111/smartclient

Port must be configured in TServer.json and defined as SSL Port in Designer.

HTML5 Client

- - Without SSL:
    http://127.0.0.1:3101/html5
  - With SSL:
    https://127.0.0.1:3111/html5

Port must be configured in TServer.json and defined as SSL Port in Designer.

...

Best Practices

Use port-specific certificate configuration.
Always deploy SSL in production environments.
Keep .pfx backups and store passwords securely.
Validate certificate installation.

...

In this section...

Page Tree

root	@parent
spaces	93DRAF

...

Space shortcuts

Page tree

Versions Compared

Old Version 1

New Version 2

Key

Basic Concepts (Summary)

What is HTTPS?

What is SSL/TLS?

What is a Digital Certificate?

Configuring HTTPS/SSL in the system

Components with SSL Support

JSON File Location and Structure

`tRPCServer` section example:

Component Behavior Details

TWebServices

TServer

Configuration Steps

Generating `.pfx` from `.crt`, `.ca`, `.key`, `.csr`

1. Concatenate certificate and CA chain:

`cat your_cert.crt your_ca.crt > full_cert.crt`

2. Generate `.pfx`:

`openssl pkcs12 -export \ -out certificate.pfx \ -inkey private.key \ -in full_cert.crt \ -certfile your_ca.crt`

Client Access URLs (HTTP vs HTTPS)

SmartClient

HTML5 Client

Best Practices

In this section...

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 1

New Version 2

Key

Basic Concepts (Summary)

What is HTTPS?

What is SSL/TLS?

What is a Digital Certificate?

Configuring HTTPS/SSL in the system

Components with SSL Support

JSON File Location and Structure

tRPCServer section example:

Component Behavior Details

TWebServices

TServer

Configuration Steps

Generating .pfx from .crt, .ca, .key, .csr

1. Concatenate certificate and CA chain:

cat your_cert.crt your_ca.crt > full_cert.crt

2. Generate .pfx:

openssl pkcs12 -export \ -out certificate.pfx \ -inkey private.key \ -in full_cert.crt \ -certfile your_ca.crt

Client Access URLs (HTTP vs HTTPS)

SmartClient

HTML5 Client

Best Practices

In this section...

`tRPCServer` section example:

Generating `.pfx` from `.crt`, `.ca`, `.key`, `.csr`

`cat your_cert.crt your_ca.crt > full_cert.crt`

2. Generate `.pfx`:

`openssl pkcs12 -export \ -out certificate.pfx \ -inkey private.key \ -in full_cert.crt \ -certfile your_ca.crt`