View Source

HTTPS and SSL access (Engineering and Client Runtime)

On this page:

Basic Concepts (Summary)

What is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP. It uses SSL/TLS to encrypt the communication between client and server, ensuring:

- Confidentiality – Data is encrypted and cannot be read by third parties.
- Authenticity – Verifies that the server is who it claims to be.
- Integrity – Ensures that data has not been modified in transit.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that:

- Establish a secure channel between two endpoints.
- Use asymmetric encryption to exchange a symmetric session key.
- Require a digital certificate to prove the server’s identity.

What is a Digital Certificate?

A digital certificate is a file used to establish trust and enable encryption. It is:

- Issued by a Certificate Authority (CA).
- Used by the server to prove its identity to the client.
- Typically stored in .pfx, .crt or .pem formats.
- Contains the public key, server name, expiration date, and the CA signature.

Without a valid certificate, HTTPS cannot be established. The certificate must be installed and properly referenced in the server configuration.

Configuring HTTPS/SSL in the system

Components with SSL Support

Component	Purpose	SSL Configuration
TWebServices	Server for engineering access (Solution Manager, Designer, files)	`TWebServices.json`
TServer	Runtime server: modules, data, file access	`TServer.json` + "SSL" checkbox in Designer

JSON File Location and Structure

Configuration files are located at:

C:\Users\Public\Documents\FrameworX\MachineSettings\

Examples:

- TWebServices.json
- TServer.json

`tRPCServer` section example:

json:
"tRPCServer":

{

"CertFileName_3111": "C:\\Users\\Public\\Documents\\FrameworX\\MachineSettings\\https\\Certificate.pfx",

"CertPass_3111": "YourCertificatePassword"

}

- - CertFileName_<port> / CertPass_<port>: Define the certificate for a specific port. (3111 is just a port example)
  - Recommended: Use port-specific entries to ensure only specific ports are secured.
  - Avoid using CertFileName without a port suffix unless you intend to secure all ports.

Component Behavior Details

TWebServices

- Handles access to engineering tools and shared resources.
- Runs once per machine, not suitable for multi-port setups.
- To enable HTTPS:
  - Configure TWebServices.json with your certificate.
  - Configure Solution Location in Solution Manager → Server Information tab to use "https://...."

TServer

- Manages runtime data, file access, modules, and client communication.
- Supports multiple instances, each listening on a different port.
- Allows enabling SSL per port, suitable for running multiple secured and unsecured projects simultaneously.

Configuration Steps

1. Obtain or generate a valid digital certificate (.pfx format).
2. Copy it to:
  C:\Users\Public\Documents\FrameworX\MachineSettings\https\
3. Edit TWebServices.json and/or TServer.json to reference the certificate.
4. For TServer, enable the SSL checkbox in Designer under Runtime Startup.
5. Restart the relevant executables to apply changes.

Generating `.pfx` from `.crt`, `.ca`, `.key`, `.csr`

1. Concatenate certificate and CA chain:

`cat your_cert.crt your_ca.crt > full_cert.crt`

2. Generate `.pfx`:

`openssl pkcs12 -export \ -out certificate.pfx \ -inkey private.key \ -in full_cert.crt \ -certfile your_ca.crt`

This command will prompt for a password. Use that same password in your CertPass_<port> entry.

Client Access URLs (HTTP vs HTTPS)

Enabling SSL on a port does not disable non-SSL access on a different port. Each protocol must use its own port.

SmartClient

- - Without SSL:
    http://127.0.0.1:3101/smartclient
  - With SSL:
    https://127.0.0.1:3111/smartclient

Port must be configured in TServer.json and defined as SSL Port in Designer.

HTML5 Client

- - Without SSL:
    http://127.0.0.1:3101/html5
  - With SSL:
    https://127.0.0.1:3111/html5