Configuration in ActivID CMS

The front-end server running the Apache Web server in proxy mode handles the SSL connections and proxying of the requests to ActivID CMS. This is why ActivID CMS does not need to handle the overhead of the SSL communications.

This section describes the steps required to terminate the SSL connection so that it is not handled by ActivID CMS.

  1. On the Operator Portal, click the Configuration tab, and then click Customization.

    The Customization page is displayed.

  2. In the Select a Topic drop down list, click SSL Termination.

  3. In the SSL Termination section, select Enabled.

    This enables the handling of SSL termination by allowing access using HTTP instead of HTTPS. It also specifies whether or not this server is working with an SSL termination device in front.

  4. In the Certificate information type drop-down list, select SubjectString.

    This specifies what kind of information is included in the HTTP header: either a subject string directly, or a certificate image.

  5. In the HTTP Header attribute used to supply the certificate information box, enter the name of the custom HTTP header that contains information about the client certificate used to connect to the SSL termination device (for example, “https-frontend-subject”).

  6. In the Host used for client card synchronization box, enter the host name of the Apache server (for example, “montana”).

  7. In the Port used for client card synchronization box, enter the port of the Apache server (for example, “32455”).

  8. Click Set.

  9. If a Peer Server is configured, go to the Peer Server Creation page, and change the URL of each specific ActivID CMS instance in the server pool from https to http.

  10. In the IIS service, deselect the Require SSL option for all ActivID CMS Web sites (CMS Web Site,Administration, User Portal and ServerAdmin) and select the option Ignore client certificates.

  11. Perform a “Save Configuration to Disk” operation to save this configuration.

    Important: It is strongly recommended that you restart the CMS Server and IIS services after setting all the SSL Termination parameters.

  12. Connect to the Apache Server using the client.pfx certificate generated in the Prerequisites for Installing the Apache Server section, and the following URL: https://montana:32456/aims/enterprise/operator.

    Remarks:

    • When connecting to the ActivID CMS User Portal, use the User Portal port:

      https://<apacheserver>:<UserPortal>/aims/enterprise/user

      For example, this could be: https://montana:32455/aims/enterprise/user

    • If using the CCM API, both ports (Administration and ActivID CMS User Portal) should be specified in the script as follows:

      • Administration port = SSL port

      • ActivID CMS User Portal port = TCP port