Configure SSL or TLS for AgilePoint Server and AgilePoint NX Portal

To configure AgilePoint Server to use SSL or TLS, do the procedure in this topic. .

Background and Setup

Prerequisites

Good to Know

  • For security, AgilePoint recommends you use a standard SSL or TLS certificate, and not a self-signed certificate.
  • SSL or TLS is required for AgilePoint Server if you use on-premises SharePoint over SSL or TLS.
  • AgilePoint NX supports any version of SSL or TLS, but limitations to the versions of SSL or TLS you can use in your environnment may apply based on software or systems outside of AgilePoint NX. The following are examples of restrictions that may apply to the SSL or TLS versions that could apply in your environment. However, the specifc rules depend on your specific configuration:
    • AgilePoint Server relies on the version of SSL or TLS that is configured for .NET on your AgilePoint Server machine. For example, by default, .NET 4.7.1 supports TLS 1.2 or higher.

      This configuration can be changed, but any downgrade in the supported version of SSL or TLS can result in security risks. For more information, see the documentation from Microsoft.

    • Outside services, such as Salesforce, may require certificates with higher levels (or specific levels) of SSL or TLS.

      You can test your certificate with several third-party, web-based services—for example, https://www.digicert.com/help/

    • If you want to connect to mobile apps that use iOS 9 or higher, your certificate must use Apple's App Transport Security standard.

      For more information, refer to NSAppTransportSecurity from Apple.

  • The security protocols supported by third-party technologies are subject to change are the responsibility for the associated vendors. These are subject to change without notice from AgilePoint.
  • After you configure AgilePoint Server and AgilePoint NX Portal for TLS or SSL, you also must configure serveral other components if they are used in your environments.

    For more information, refer to:

How to Start

  1. On the AgilePoint Server machine, in Windows Explorer, right-click the file (AgilePoint Server installation folder) C:\Program Files\AgilePoint\AgilePoint Server\WCFConfigurationUtility.exe, and click Run as Administrator.

    Configuration Utility Run As Administrator Screen

Enable SSL or TLS in AgilePoint Server Manager

To enable the SSL Settings in AgilePoint Server Manager, ​do the procedure in this topic.

Procedure

  1. On the AgilePoint Server Manager, select your AgilePoint Windows Service instance.
  2. On the Networking tab, in the SSL Settings section, turn on Use secure connection (SSL).
  3. On the Domain Name field, enter the common name or domain name for your SSL certificate.
  4. In AgilePoint Server Manager, restart your AgilePoint Server instance.

Bind an SSL or TLS Certificate to an AgilePoint Server Port

To bind an SSL or TLS certificate to an AgilePoint Server port, ​do the procedure in this topic.

Prerequisites

Procedure

  1. In a command prompt, enter mmc.
  2. On the Console Root screen, click File > Add/Remove Snap-in.
  3. On the Add or Remove Snap-ins screen, select Certificates, and click Add.
  4. On the Certificates snap-in screen, click Computer account.
  5. On the Select Computer screen, click Local computer.
  6. On the Console Root screen, click the Right arrow to expand Certificates (Local Computer)
  7. Click the Right arrow to expand Personal folder.
  8. Right-click the Certificates folder.
  9. Select All Task > Import.
  10. On the Certificates Import wizard, click the Next button.
  11. In the File name field, browse your SSL certificate.
  12. Double-click your SSL certificate.
  13. Select the Details tab.
  14. In the shown field, select ALL.
  15. Select Thumbprint.
  16. Copy the value of the thumbprint.
  17. In a command prompt, enter the following command:

    netsh http add sslcert ipport=0.0.0.0:portnumber certhash=SSL-Certifcate-thumbprint-value-without-spaces appid={c929c857-e10a-48c4-b123-5713faba528e}

  18. In AgilePoint Server Manager, restart your AgilePoint Server instance.

Change the REST URL in the AgilePoint NX Portal to Use HTTPS

To change the REST URL in AgilePoint NX Portal to use HTTPS, do the procedure in this topic.

Good to Know

  • The Manage AgilePoint NX Portal Configuration Utility lets you enter configuration information for your NX Portal server. The following limitations apply:
    • You can enter a first-time database configuration (Initialize) or update an existing configuration (Update). Usually this utility is used to update an existing configuration because the initial configuration is created during installation.
    • If you update an existing configuration, the utility does not retrieve the existing information. This utility lets you set the configuration for a new database connection string, but it does not retrieve or parse the existing connection string, if one exists.
    • This utility configures a single tenant environment. If you want to change the configuration for a multi-tenant environment, contact AgilePoint Professional Services.
  • If you want to change the REST URL to use HTTPS with configuration files, refer to Change the REST URL in the AgilePoint NX Portal.

How to Start

  1. Open the folder (NX Portal installation folder) C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\bin.
  2. Right-click the file AgilePointNXPortalManagement.exe, and click Run as Administrator.

Procedure

  1. On the Manage AgilePoint NX Portal Configuration Utility screen, in the Manage Portal Database Connection String section, complete the fields as necessary.
  2. In the AgilePoint REST URL field, enter the value for the REST URL as necessary.
  3. In AgilePoint Server Manager, restart your AgilePoint Server instance.

Test the HTTPS AgilePoint NX Portal REST URL

To test the HTTPS AgilePoint NX Portal REST URL, do the procedure in this topic.

Figure: Sign In With screen

Sign In With screen

Procedure

  1. Open HTTPS REST URL for the AgilePoint NX Portal.

    Format:

    https://[fully qualified domain name]

    Example:

    https://myagilepointnxdomain.com