This website uses cookies to track and improve your visitor experience. By using this site you accept their use:    learn more
Enable and setup SSL \ HTTPS: If you already have your primary certificate file from your CA
Author: David Stevenson Reference Number: AA-00443 Views: 9050 Created: 16-12-2010 11:50 am Last Updated: 06-12-2018 01:24 pm 0 Rating/ Voters


Enable and setup SSL \ HTTPS: If you already have your primary certificate file from your CA

*This KB Article assumes you already have a Certificate issued to you from a CA provider

The Synergist web portal is capable of making use of HTTPS via SSL Encryption. Whilst there is no gurantee SSL can 100% protect your data it does go someway in offering some security on your connection to a web server. 


The decision to implement SSL on any web server or service is ultimately the resposibilty of the Organisation itself and whilst the Synergist web portal is capable of using this method, we cant offer any guarantees of data protection and security that HTTPS\ SSL provides on your Synergist data specifically.  Similarly and as the certificates are issued and purchased by yourself via a 3rd party, the creation of the .pem files are also the resposiblilty of Organsation. Whilst the helpdek are more than happy to explain the the formats and location these need to be in, it would be considered a security vulnerability for us to create these files for you from your own certificate.  

Its also worth noting that as your certificates are issued by a third party you will also be responsible in renewing these before they expire. 

NB: The Synergist web portal is set as a default to listen for https connections on port 443.  This can be changed if required from the Tools & Settings->Utilities->System parameters->Server Tab->Web Server SSL Listen port. 



Creating a .pem with the Entire SSL Certificate Trust Chain

Log in to download your Intermediate (your_certificate_provider.crt), Root (your_root.crt), and Primary Certificates (your_domain_name.crt) from within your Certifying Authority (Thawte, Verisign etc).  Make sure you obtain the correct root & intermediate bundle for the certificate / wildcard product you have purchased.

Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:


The Primary Certificate - your_domain_name.crt

The Intermediate Certificate - your_certificate_provider.crt.  Note you may have more than one intermediate certificate depending on the product purchased, you should include them all.

The Root Certificate - your_root.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:


-----BEGIN CERTIFICATE----- 

(Your Primary SSL certificate: your_domain_name.crt) 

-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 

(Your Intermediate certificate: your_certificate_provider.crt) 

-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 

(Your second Intermediate certificate: your_certificate_provider.crt) - not all products will have more than one intermediate.

-----END CERTIFICATE----- 

-----BEGIN CERTIFICATE----- 

(Your Root certificate: your_root.crt) 

-----END CERTIFICATE-----


Save the combined file as cert.pem.

You will also need your private key file - key.pem.  This also needs to be in in plain text X509 format.  Opening it in Notepad, or other text editor, it will be structured like this:

-----[BEGIN PRIVATE RSA KEY]-----

(Your 2048 bit private key)

-----[END PRIVATE RSA KEY]-----



Wildcard certificates

Your wildcard certificate will have been issued with a private key (key.pem).  The cert.pem file will need to be created as above - you will already have the primary, intermediate and root certificates.

Once you have the correctly structured cert.pem file and the corresponding private key (key.pem) file and ensure it is in the correct plain text format as described above.


Location of your cert.pem and key.pem files

In either case - single server certificate or wildcard certificate - you are now ready to copy these into place on the database server.  Both files need to be copied into the database folder and should sit alongside your data files (MyCompanyName.4DD).  The most common location for the Synergist database foldler will be on the local \ route drive (eg. C:\Synergist\Database). 

The Web Server may need a restart for this to take affect. Which would mean on a Windows Server first making sure all users are out of the system first and restarting the "4D Service" from the Services Control Panel.  For a Mac based server, again make sure all users are out of the system and Closing 4D Server and re-opening it again and opening the database.  If you are unsure about the restart of the Synergist on a system please call the helpdesk.

Both these files are included in your 4D Server backup, but it would be a good idea to keep a copy of these somewhere secure as well.


Other Notes

The 4D web server is '4D WebSTAR'. If that is not in the list of server vendors, then 'Apache' is the closest. Many certificate authorities will also have an 'other' or 'not listed' option.

If you wish, you can turn off the ability of the web server to respond to http requests, so that it only responds to https (SSL) requests.


Quick Jump Menu
Info Ask a Question