SSL Management Utility

Background and Setup

Prerequisites

A full chain SSL or TLS certificate in PFX or PEM format.
- PFX - The file must be in .pfx format and requires a password.
- PEM - In most cases, a PEM certificate consists of two files: a private key file (.pem or .key) and a certificate file (.crt or .pem).
Note: Make sure the SSL certificate chain is complete.
To bind the SSL or TLS Certificate to a port served by AgilePoint NX Portal.
For more information, refer to Configure SSL or TLS for AgilePoint NX Portal.
AgilePoint NX PrivateCloud, or AgilePoint NX OnPremises v9.0 or higher.

Good to Know

For security, AgilePoint recommends you use a standard SSL or TLS certificate, and not a self-signed certificate.
SSL or TLS is required for AgilePoint Server if you use on-premises SharePoint over SSL or TLS.
AgilePoint NX supports any version of SSL or TLS, but limitations to the versions of SSL or TLS you can use in your environnment may apply based on software or systems outside of AgilePoint NX. The following are examples of restrictions that may apply to the SSL or TLS versions that could apply in your environment. However, the specifc rules depend on your specific configuration:
- AgilePoint Server relies on the version of SSL or TLS that is configured for .NET on your AgilePoint Server machine. For example, by default, .NET 4.7.1 supports TLS 1.2 or higher.
  This configuration can be changed, but any downgrade in the supported version of SSL or TLS can result in security risks. For more information, see the documentation from Microsoft.
- Outside services, such as Salesforce, may require certificates with higher levels (or specific levels) of SSL or TLS.
  You can test your certificate with several third-party, web-based services—for example, https://www.digicert.com/help/
- If you want to connect to mobile apps that use iOS 9 or higher, your certificate must use Apple's App Transport Security standard.
  For more information, refer to NSAppTransportSecurity from Apple.
After you configure AgilePoint Server and AgilePoint NX Portal for SSL or TLS, you also must configure serveral other components if they are used in your environments.
For more information, refer to:

How to Start

On the AgilePoint Server machine, open this folder:
(NX Portal installation folder - v9.0 and higher) C:\Program Files\AgilePoint\AgilePointPortalInstance\tools\windows
Right-click the file AgilePoint.Portal.Management.exe, and click Run as Administrator.

Update Portal Certificate

Adds an SSL or TLS certificate to AgilePoint NX Portal and updates the associated attributes in the Portal web.yaml file.

Fields

Field Name	Definition
Certificate Type	Description: Specifies the type of certificate to import. Allowed Values: .pfx - Uploads a certificate in .pfx format. .pem - Uploads a certificate in .pem format. Default Value: .pfx
Upload Certificate File	Description: Specifies a certificate to use to configure SSL or TLS for AgilePoint NX Portal. Allowed Values: A certificate in .pfx or .pem format. Default Value: None
Passphrase	Description: Specifies the password for your certificate. The password is stored in encrypted format. To Open this Field: On the Update Portal Certificate screen, select .pfx. Allowed Values: The password for the .pfx certificate. Default Value: None
Upload Key File	Description: Specifies the private key certificate file to configure for AgilePoint NX Portal. To Open this Field: On the Update Portal Certificate screen, select .pem. Allowed Values: A certificate in .pem or .key format. Default Value: None
Update	Function: Saves the SSL or TLS certificate in AgilePoint NX Portal.
Log Information	Description: Shows information about the result of the actions performed to update the SSL or TLS certificate in AgilePoint NX Portal. Allowed Values: Read only.

Apply SSL Certificate

Applies an SSL or TLS certificate to a port served by AgilePoint NX Portal.

Prerequisites

The certificate must exist in this folder:
(NX Portal installation folder - v9.0 and higher) C:\Program Files\AgilePoint\AgilePointPortalInstance\Certificates
A thumbprint for the certificate.
For more information, refer to Configure SSL or TLS for AgilePoint NX Portal.

Fields

Field Name	Definition
Port	Description: Specifies the port number to associate with the SSL certificate. The port number is appended to the REST URL for the AgilePoint Server instance. Allowed Values: The port number from the AgilePoint Server machine that serves the REST URL for the AgilePoint Server instance. Default Value: None
CertHashId	Description: Specifies the hex-encoded SHA1 thumbprint of the certificate. Allowed Values: One line of text (a string). Accepted: Letters Numbers Special characters Not Accepted: Spaces Default Value: None
Apply	Function: Associates the SSL or TLS certificate with the AgilePoint Server instance.

Remove SSL Certificate

Removes the association between the SSL or TLS certificate and a port served by AgilePoint NX Portal.

Good to Know

This action removes the association between the certificate and the port number. The certificate is not deleted from the folder path. The same certificate file can be applied to a different port.

Fields

Field Name	Definition
Port	Description: Specifies the port number to remove from SSL or TLS. Allowed Values: The port number from the AgilePoint Server machine that serves the REST URL for the AgilePoint Server instance. Default Value: None