Configure SSL or TLS for AgilePoint Server and AgilePoint NX Portal
To configure AgilePoint Server to use SSL or TLS, do the procedure in this topic.
Background and Setup
Prerequisites
- AgilePoint NX OnPremises or AgilePoint NX Private Cloud.
- To use secure communication, AgilePoint NX requires an SSL or TLS certificate to be installed for each communication port used for AgilePoint Server on the AgilePoint Server machine.
- You must have an SSL certificate.
- SSL or TLS is configured in IIS.
For more information, refer to https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis.
Good to Know
- For security, AgilePoint recommends you use a standard SSL or TLS certificate, and not a self-signed certificate.
- SSL or TLS is required for AgilePoint Server if you use on-premises SharePoint over SSL or TLS.
- AgilePoint NX supports any version of SSL or TLS, but software or systems outside of AgilePoint NX may limit the versions of SSL or TLS you can use in your environment. The following are examples of restrictions that may apply. However, the specific rules depend on your configuration:
- AgilePoint Server relies on the version of SSL or TLS that is configured for .NET on your AgilePoint Server machine. For example, by default, .NET 4.7.1 supports TLS 1.2 or higher.
This configuration can be changed, but any downgrade in the supported version of SSL or TLS can result in security risks. For more information, see the documentation from Microsoft.
- Outside services, such as Salesforce, may require certificates with higher levels (or specific levels) of SSL or TLS.
You can test your certificate with several third-party, web-based services—for example, https://www.digicert.com/help/
- If you want to connect to mobile apps that use iOS 9 or higher, your certificate must use Apple's App Transport Security standard.
For more information, refer to NSAppTransportSecurity from Apple.
- The security protocols supported by third-party technologies are the responsibility of the associated vendors. These are subject to change without notice from AgilePoint.
- After you configure AgilePoint Server and AgilePoint NX Portal for TLS or SSL, you also must configure several other components if they are used in your environment.
For more information, refer to:
How to Start
- On the AgilePoint Server machine, in Windows Explorer, right-click the file (AgilePoint Server installation folder) C:\Program Files\AgilePoint\AgilePoint Server\WCFConfigurationUtility.exe, and click Run as Administrator.
Enable SSL or TLS in AgilePoint Server Manager
To enable the SSL Settings in AgilePoint Server Manager, do the procedure in this topic.
Procedure
- In AgilePoint Server Manager, select your AgilePoint Windows Service instance.
- On the Networking tab, in the SSL Settings section, turn on Use secure connection (SSL).
- In the Domain Name field, enter the common name or domain name for your SSL certificate.
- In AgilePoint Server Manager, restart your AgilePoint Server instance.
Bind an SSL or TLS Certificate to an AgilePoint Server Port
To bind an SSL or TLS certificate to an AgilePoint Server port, do the procedure in this topic.
Prerequisites
- The ports you use for binding in AgilePoint Server. You can find these in AgilePoint Server Manager.
Procedure
- In a command prompt, enter mmc.
- On the Console Root screen, click File > Add/Remove Snap-in.
- On the Add or Remove Snap-ins screen, select Certificates, and click Add.
- On the Certificates snap-in screen, click Computer account.
- On the Select Computer screen, click Local computer.
- On the Console Root screen, click the Right arrow to expand Certificates (Local Computer).
- Click the Right arrow to expand Personal folder.
- Right-click the Certificates folder.
- Select All Tasks > Import.
- On the Certificates Import wizard, click the Next button.
- In the File name field, browse to your SSL certificate.
- Double-click your SSL certificate.
- Select the Details tab.
- In the Show field, select All.
- Select Thumbprint.
- Copy the value of the thumbprint.
- In a command prompt, enter the following command:
netsh http add sslcert ipport=0.0.0.0:portnumber certhash=SSL-Certificate-thumbprint-value-without-spaces appid={c929c857-e10a-48c4-b123-5713faba528e}
- In AgilePoint Server Manager, restart your AgilePoint Server instance.
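The thumbprint lookup and netsh binding steps above can also be scripted, which avoids copy errors in the thumbprint. The following PowerShell script is an added example, not part of the AgilePoint documentation. The parameter names $DomainName and $Port are hypothetical, and it assumes the certificate has already been imported into the Local Computer Personal store. Run it in an elevated session.

```powershell
# Added example: bind an imported certificate to an AgilePoint Server port.
# $DomainName and $Port are placeholders for your own values.
param(
    [Parameter(Mandatory)] [string] $DomainName,  # common name on the certificate
    [Parameter(Mandatory)] [int]    $Port         # a port shown in AgilePoint Server Manager
)

# appid value taken from the netsh command in the procedure above.
$appId = '{c929c857-e10a-48c4-b123-5713faba528e}'

# Choose the newest unexpired certificate for the domain that has a private key.
# A certificate without a private key can be bound but cannot serve HTTPS.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.Subject -like "*CN=$DomainName*"
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No unexpired certificate with a private key for $DomainName in Cert:\LocalMachine\My"
}

# Keep hex digits only. A thumbprint pasted from the MMC Details tab can carry
# spaces or an invisible leading character that makes netsh reject it.
$thumbprint = $cert.Thumbprint -replace '[^0-9A-Fa-f]', ''
$ipPort     = "0.0.0.0:$Port"

# In PowerShell the braces in appid must be inside a quoted string,
# otherwise they are parsed as a script block.
netsh http add sslcert "ipport=$ipPort" "certhash=$thumbprint" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not bind the certificate to $ipPort"
}

# Show the binding so the certificate hash and application ID can be checked.
netsh http show sslcert "ipport=$ipPort"
```

Repeat the script for each AgilePoint Server port that uses secure communication, then restart the AgilePoint Server instance as described in the last step.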
Change the REST URL in the AgilePoint NX Portal to Use HTTPS
To change the REST URL in AgilePoint NX Portal to use HTTPS, do the procedure in this topic.
Good to Know
- The Manage AgilePoint NX Portal Configuration Utility lets you enter configuration information for your NX Portal server. The following limitations apply:
- You can enter a first-time database configuration (Initialize) or update an existing configuration (Update). Usually this utility is used to update an existing configuration because the initial configuration is created during installation.
- If you update an existing configuration, the utility does not retrieve the existing information. This utility lets you set the configuration for a new database connection string, but it does not retrieve or parse the existing connection string, if one exists.
- This utility configures a single tenant environment. If you want to change the configuration for a multi-tenant environment, contact AgilePoint Professional Services.
- If you want to change the REST URL to use HTTPS with configuration files, refer to Change the REST URL in the AgilePoint NX Portal.
How to Start
- Open the folder (NX Portal installation folder) C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\bin.
- Right-click the file AgilePointNXPortalManagement.exe, and click Run as Administrator.
Procedure
- On the Manage AgilePoint NX Portal Configuration Utility screen, in the Manage Portal Database Connection String section, complete the fields as necessary.
- In the AgilePoint REST URL field, enter the value for the REST URL as necessary.
- In AgilePoint Server Manager, restart your AgilePoint Server instance.
Test the HTTPS AgilePoint NX Portal REST URL
To test the HTTPS AgilePoint NX Portal REST URL, do the procedure in this topic.
Procedure
- Open the HTTPS REST URL for the AgilePoint NX Portal.
Format:
https://[fully qualified domain name]
Example:
https://myagilepointnxdomain.com
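To check more than whether the page loads, the following PowerShell script connects to the endpoint offering only TLS 1.2 and reports the certificate the server presents. It is an added example, not part of the AgilePoint documentation. The host name is the example from this topic, and port 443 and the parameter names are assumptions.

```powershell
# Added example: confirm TLS 1.2 and inspect the certificate served on the HTTPS URL.
param(
    [string] $HostName = 'myagilepointnxdomain.com',  # example host from this topic
    [int]    $Port     = 443                          # assumption: default HTTPS port
)

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
    try {
        # Offer TLS 1.2 only. This call throws if the server cannot negotiate
        # TLS 1.2, if the certificate chain is not trusted on this machine
        # (for example, a self-signed certificate), or if the certificate
        # name does not match $HostName.
        $ssl.AuthenticateAsClient(
            $HostName,
            $null,                                              # no client certificate
            [System.Security.Authentication.SslProtocols]::Tls12,
            $false)                                             # skip revocation lookup

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $ssl.RemoteCertificate)

        [pscustomobject]@{
            Host       = $HostName
            Protocol   = $ssl.SslProtocol
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
            Thumbprint = $cert.Thumbprint   # compare with the thumbprint of the certificate you installed
        }
    }
    finally { $ssl.Dispose() }
}
finally { $client.Close() }
```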