Revision date: 19/jul/2023
MAM4PRO version: 2023.07.00
To increase security, MOG systems can also be accessed over HTTPS.
Follow the steps below to configure this.
First, during the product installation, make sure that the web proxy server service is installed.
Next, a valid signed certificate must be used on the server; you can create your own self-signed certificate.
Note: creating the self-signed certificates is the customer's responsibility, not MOG’s. These certificates are for corporate use and therefore exclusive to the company.
Here is an example of how to create a self-signed certificate for the MOG system using OpenSSL on Linux:
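# Generate a 2048-bit RSA private key
openssl genrsa -out mog.key 2048
# Rewrite the key without a passphrase
openssl rsa -in mog.key -out mog.key
# Create the signing request; replace ####### with the hostname of the machine or its public DNS name
openssl req -sha256 -new -key mog.key -out server.csr -subj '/CN=#######'
# Self-sign the certificate, valid for 365 days
openssl x509 -req -sha256 -days 365 -in server.csr -signkey mog.key -out server.crt
# Concatenate the certificate and the key into one bundle
cat server.crt mog.key > bundle.pem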
In the end, we will obtain the files mog.key and bundle.pem, which must be placed in a folder of your choice, e.g. C:\Users\MOG\Desktop\Certificates.
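Before copying the files to the server, the pair can be checked on the Linux machine where it was created. The script below is an added example, not part of MOG's documentation or product: check_pair and make_sample are hypothetical helper names and the sample files are constructed. It confirms that the certificate in bundle.pem belongs to mog.key, names the expected hostname in its CN, and is not about to expire.

```sh
#!/bin/sh
# Added example (not MOG's code): pre-flight check of the certificate files.

# check_pair BUNDLE KEY HOSTNAME [MIN_SECONDS_LEFT]
# 0 = usable, 1 = unreadable file, 2 = key mismatch, 3 = wrong CN, 4 = expiring.
check_pair() {
    bundle=$1; key=$2; host=$3; min_left=${4:-2592000}   # default: 30 days

    # Public key inside the certificate vs. public key derived from the private key.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read a certificate from $bundle"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read a private key from $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not belong together"; return 2; }

    # The subject CN must be the name users type in the browser.
    subject=$(openssl x509 -in "$bundle" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    case ",$subject," in
        *",CN=$host,"*) ;;
        *) echo "subject '$subject' does not name $host"; return 3 ;;
    esac

    # -checkend exits non-zero when the certificate expires inside the window.
    openssl x509 -in "$bundle" -noout -checkend "$min_left" >/dev/null ||
        { echo "certificate expires within $min_left seconds"; return 4; }
    echo "ok: $bundle and $key are a valid pair for $host"
}

# make_sample DIR HOSTNAME: constructed test input, built with the page's commands.
make_sample() {
    ( cd "$1" &&
      openssl genrsa -out mog.key 2048 2>/dev/null &&
      openssl req -sha256 -new -key mog.key -out server.csr -subj "/CN=$2" &&
      openssl x509 -req -sha256 -days 365 -in server.csr -signkey mog.key \
          -out server.crt 2>/dev/null &&
      cat server.crt mog.key > bundle.pem &&
      openssl genrsa -out other.key 2048 2>/dev/null )
}

# Usage on real files: check_pair bundle.pem mog.key your-hostname
```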
To finish, copy both certificate files to the C:\Program Files\MOG\MAM4PRO\WebServicesProxy\IngressServer\certificates directory.
To use the certificates, the ingress server must be enabled. To do this, follow these steps:
First, go to the directory C:\Program Files\MOG\MAM4PRO\mWeb\www_mSRv3\WebSite\app\config\constants\ and edit the “ports.json” file, setting the “useIngress” value to “true”.
Then, go to the directory C:\Program Files\MOG\MAM4PRO\WebServicesProxy\IngressServer\conf and edit the “nginx.conf” file, making sure that both the “ssl_certificate” and “ssl_certificate_key” entries match the files that were created.
After these steps are performed, start the services and activate the “Ingress Server” dependence.
With the configuration complete, access your server using either your server’s name or the public DNS.
Your system should now be working on HTTPS (when using the ingress server dependence) or HTTP (if the ingress server dependence is disabled).