Our TASKE web applications use real-time widgets (based on WebSocket technology) to transmit data. The TASKE Widget Server bridges communication between the real-time widgets in the browser and the TASKE Web Server. If you have secured TASKE web applications with an SSL certificate, then you must also secure the TASKE Widget Server with that same certificate.
This article describes how to add SSL support to the TASKE Widget Server. You must:
- export the Secure Sockets Layer certificate from Microsoft Internet Information Services (IIS)
- download and install OpenSSL (if not already installed)
- create the certificate and private key files
- configure the Windows Registry
- test communications
Before you begin
This article assumes that you have secured your TASKE web applications with a Secure Sockets Layer (SSL) certificate. This article only applies to TASKE versions 2017.2 and newer.
You must have a working knowledge of SSL certificates and familiarity with editing the Windows Registry. If you require assistance, contact TASKE Support.
Export the SSL certificate from Microsoft Internet Information Services
You must export the SSL certificate that currently secures your TASKE web applications to a file named taske.pfx.
Steps
- Open IIS on the computer that is running TASKE.
- In the IIS Manager, in the left panel, click the computer name.
- In the right panel, double-click the Server Certificates icon.
- Right-click the certificate and click Export.
- Do the following:
- Browse to your TASKE installation folder. By default, this folder is: C:\ProgramData\TASKE Technology Inc\Contact.
- Type the filename taske.pfx.
- Type the password password.
- Confirm the password.
- Click OK.
Download and install OpenSSL
You must extract the certificate and private key from the taske.pfx file using openssl.exe. If this tool is not already installed on the computer, use the steps in this topic to download and install it.
After extracting contents from the SSL certificate, you can uninstall openssl.exe.
Steps
- Download the Win32 Light version from this location:
https://slproweb.com/products/Win32OpenSSL.html - Run the downloaded executable, selecting the following options:
- Accept the default installation path (C:\Program Files (x86)\OpenSSL-Win32), and click Next.
- Leave the default shortcut name, and click Next.
- Select the OpenSSL binaries (/bin) directory button, and click Next.
- Click Install.
- Click Finish.
Create the certificate and private key files
The taske.pfx file (the exported SSL certificate) stores the certificate and private key in binary format. The TASKE Widget Server (taske_widget_translator.exe) can read only the Privacy Enhanced Mail (PEM) format. Use the following steps to extract contents from the taske.pfx file to create two PEM-encoded text files that the Widget Server can find and load:
- taske_widget_translator.cer
- taske_widget_translator.key
Tip: If you installed TASKE and openssl.exe to their default folders, you can copy and paste these commands from this article.
Steps
- In a Windows command prompt, change to the TASKE installation folder using this command:
cd C:\ProgramData\TASKE Technology Inc\Contact - Extract the certificate using the following command and typing the password when prompted:
C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe pkcs12 -in taske.pfx -nokeys -out taske_widget_translator.cer - Extract the private key by typing the following command and typing the password when prompted:
C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe pkcs12 -in taske.pfx -nocerts -nodes -out taske_widget_translator.key - Convert the key file to the RSA format to remove the need to enter the password, using the following command:
C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe rsa -in taske_widget_translator.key -out taske_widget_translator.key
Configure the Windows Registry
The TASKE default installation creates the initial Windows Registry branch and basic keys to run an unsecured HTTP server.
For information about editing TASKE Registry Keys see this article: Editing TASKE Registry Keys.
Registry Branch
HKEY_LOCAL_MACHINE\SOFTWARE\TASKE Technology\Call Management\Widget Service
Registry Keys
Name: Address
Type: String
Default: 127.0.0.1
Description: The network address or IP. For secured servers this should be a name (for example, machine.example.com).
Name: HTTP
Type: DWORD (32-bit)
Default: 1
Description: Indicates whether the unsecured (HTTP) server is enabled.
Note: Zero (0) means false or disabled. Any other number means enabled.
Name: HTTPS
Type: DWORD (32-bit)
Default: 0
Description: Indicates whether the secured (HTTPS) server is enabled.
Note: Zero (0) means false or disabled. Any other number means enabled.
Name: Port
Type: DWORD (32-bit)
Default: 9002 (decimal)
Description: The network port on which the unsecured server listens for widget connections.
Name: Secure Port
Type: DWORD (32-bit)
Default: 9443 (decimal)
Description: The network port on which the secure server listens for widget connections.
Test communications
When run as a Windows service, the TASKE Widget Server logs errors to the Window Event Viewer. No other visible feedback is provided. If you need to debug issues, follow these steps.
Steps
- Ensure that the TASKE Widget Server is not running in TASKE Console.
- Open a command prompt and change to the TASKE installation folder.
- Type the following and press Enter.
taske_widget_translator -console - Attempt to sign into TASKE.
TASKE displays status messages and XML text streaming based on when the widget connections are successful. If you see errors, stop the server and correct the configuration. - When you are finished testing, press CTRL + C to stop processing.
