Configuring AppDNA for SSL/TLS

Article ID: CTX222781

Description

After you have installed AppDNA, the Configuration Wizard creates a website in IIS on the server, and all communication from clients to the server is made through various SOAP APIs that the website provides.

However, the Configuration Wizard only sets this site up with default HTTP access on port 8199. In most modern enterprise environments, you will want all of your HTTP traffic running as HTTPS over SSL or, more likely, TLS 1.2. Whilst AppDNA runs perfectly well over a secure HTTPS channel, it cannot be initially configured that way, and changing it is not a simple task, though it is not very difficult if you know how.

This article provides a step-by-step guide to show you how to get your AppDNA installation running over HTTPS.


Instructions

Step 1: Update the IIS uploadReadAheadSize setting

  1. On the AppDNA Server open up IIS Manager

  2. Select the AppDNA Website and click on the Configuration Editor in the action pane

  3. From the Section drop down menu Select system.webServer and then serverRuntime

  4. Modify the uploadReadAheadSize Setting to 104857600 and click Apply
    Alternatively, open an elevated command prompt and run the following command:
    "%windir%\system32\inetsrv\appcmd.exe" set config -section:system.webServer/serverRuntime /uploadReadAheadSize:"104857600" /commit:apphost

Step 2: Create a new IIS binding

  1. On the AppDNA Server open up IIS Manager
  2. Select the AppDNA Website and click on Bindings in the action pane

  3. Click Add on the bindings dialog page

  4. Choose https from the Type dropdown and select the SSL Certificate that you want the site to use

  5. Select the AppDNA web site again and then click on the SSL settings icon in the main pane

  6. Check the Require SSL check box and click Apply

  7. You will now find that navigating to the AppDNA Web site, or trying to launch the client will give an authentication error

Step 3: Configure the AppDNA Server to use the new binding

  1. Open the AppDNA Configuration wizard

  2. Select the options for Reconfiguration Installation then Reconfigure System and then Web Site.

  3. Change the Port that AppDNA will use from the default http port 8199 to the ssl port 443

  4. The configuration wizard will not allow us to do it.

  5. We will have to edit it manually.

  6. Browse to the AppDNA Server's installation directory "C:\Program Files\Citrix\AppDNA\Server" (Program Files (x86) if you are using a version of AppDNA earlier than 7.13)

  7. Locate the file named web.config (make a backup copy) and open it with your favorite xml editing tool

  8. Locate the key for the 'ReportBaseUrl' under the settings section and modify the url so that the protocol reads https:// (instead of http://) and the port reads 443 (instead of 8199)

  9. If the certificate you used contains the FQDN of the server, then make sure your configuration here does too.

  10. Save these changes and you will now be able to access the AppDNA Web Client over https

Step 4: Configure AppDNA Clients to use the new binding

  1. This time the UI will allow us to do all the things we need.

  2. Open the AppDNA client but do not attempt to log in yet (if you have auto login configured, just dismiss the error message)

  3. Select the expand icon on the Options

  4. Then click the pencil Edit icon next to your site name

  5. Notice that the site still points to the http://... version of the url

  6. Click Next through the wizard until you get to the edit url page

  7. Modify the protocol and ports in the url as we have done previously

  8. Again make sure that the address of the Web Server exactly matches that contained in the certificate, or it will fail to authenticate correctly.

  9. Click Next through to the end of the wizard and you will see the modified url reflected in the site details

  10. We are done. You should be able to log in now and verify that the client is communicating with the server and accessing reports on the new https channel

  11. However, please remember that this last step will need to be repeated on AppDNA clients and for each AppDNA Site that is using the new SSL binding.
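
One way to check the new binding from a client machine, as an added example that is not part of the original article: the PowerShell below connects to the https binding, offers only TLS 1.2, and reports whether the certificate matches the name you intend to use in ReportBaseUrl and in the client site url. The host name appdna01.example.com is a constructed placeholder.

```powershell
# Added example. $HostName is a constructed placeholder: use the exact name you
# put in ReportBaseUrl (server web.config) and in the client site url.
$HostName = 'appdna01.example.com'
$Port     = 443

$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
# Record validation errors instead of aborting, so a name mismatch can be
# reported together with the certificate that caused it.
[System.Net.Security.RemoteCertificateValidationCallback]$recordErrors = {
    param($s, $certificate, $chain, $sslErrors)
    $script:policyErrors = $sslErrors
    $true
}

$ssl = $null
$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($HostName, $Port)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $recordErrors)
    # Offer TLS 1.2 only; the handshake throws if the server cannot negotiate it.
    $ssl.AuthenticateAsClient($HostName, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName

    [pscustomobject]@{
        Host         = $HostName
        Protocol     = $ssl.SslProtocol
        Subject      = $cert.Subject
        SubjectAlt   = if ($san) { $san.Format($false) } else { '(none)' }
        NotAfter     = $cert.NotAfter
        NameMismatch = [bool]($script:policyErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        ChainErrors  = [bool]($script:policyErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
    } | Format-List
}
catch {
    Write-Warning "TLS 1.2 handshake with ${HostName}:${Port} failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

If NameMismatch is True, the name in the url does not match the certificate and the AppDNA client will fail to authenticate; ChainErrors being True means the client machine does not trust the issuing chain.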