We are using H5 with SSL
Host: Running on Windows 2016 server with no Web services.
Mobile devices: Cell Phones.
additional Java Script: Quagga.js BarCode script to access the Phone Camera to Scan an EAN13 type Barcode
Purpose: Scan a Ticket to verify entry to an event.
Must use SSL to access Camera via Chrome.
SSL working fine; all web browsers are happy with the purchased SSL stored in the .pem file.
The whole process works well. But every day the SSL port stops working. The AppBroker Service still running. The portal on NON SSL port (8080) is working still, but the SSL port (8443) fails.
Only way to recover is it to restart the AppBroker Service; which takes unusually long to restart-30 seconds compared to general 2 seconds restart.
We are running H5 AppBroker on another site without SSL- an we have not restarted in 6 months.
The two log files - ipreject.log and appbroker.log don’t give much- unless I just do not understand the log.
Hello,
(I am hoping Diego will ask the necessary questions during this post-or how does one get hold of him/them)
I wander if a cause could be that the IP-driver version, which is installed in the same folder, is not the latest.
App Broker version: 11.13401
IP Driver version: ver11.0.13185
Hello,
Thought I would report that after using a Previous version of only the “AppBroker.exe”, the SSL portion has not died once.
Working version: Setup_AppBroker-10.12799
Trust me to make a mountain out of this. It was easy.
The steps I used to obtain an SSL (lets-encrypt) and generate a PEM file to work with AppBroker (H5)
Install on the server/workstation that hosts the AppBroker.
Open firewall ports and do a port forwarding (TCP) to port 80 and 443 from the router to the server/workstation.
Make sure the unique DNS name points to your public IP. I.e. myapp.mydomain.co.za (or use a free DynDns to point to your router/hosting partner)
Stop AppBroker service. (CertBot starts a web-service and does some foot work)
Follow steps to obtain the SSL certificate. See Step 5 in the documentation.
Yes, it will ask for email address and a few other simple questions such the domain/dns name you need the SSL certificate for: myapp.mydomain.co.za
Once done without errors, the SSL keys will be placed in a “linked” file/folder.
Then an elevated CMD command:
copy “C:\Certbot\archive\myapp.mydomain.co.za\privkey1.pem” + “C:\Certbot\archive\myapp.mydomain.co.za\fullchain1.pem” C:\AppBroker\server.PEM
Start AppBroker
Once CertBot installed, Steps 5 - 9 only need to be repeated every 80 or so days.
In December when this certificate expires I plan to make a complete batch file to automate the process. Then schedule that to run every 80 days. Hope to share it.
It appears that the folder c:\certbot\archive is used to store part(s) of the original/private keys.
Here is the batch file that seems to have worked well.
@echo prep ssl pem file
@echo stopping AppBroker...
net stop "Clarion Application Broker"
@echo starting certbot via powershell.
Powershell.exe -Command "certbot renew"
@echo ready to copy file
Pause
REM: Make a backup of the current one, just in case.
DEL C:\AppBroker\CEC3old.PEM
Ren C:\AppBroker\CEC3tmp.PEM C:\AppBroker\CEC3old.PEM
Ren C:\AppBroker\CEC3.PEM C:\AppBroker\CEC3tmp.PEM
copy "C:\Certbot\live\myapp.mydomain.co.za\privkey.pem" + "C:\Certbot\live\myapp.mydomain.co.za\fullchain.pem" C:\AppBroker\CEC3.PEM
@echo starting AppBroker...
net start "Clarion Application Broker"
pause