1.877.778.2753

TASKE Support Knowledge Base

Adding SSL Support to the TASKE Widget Server

Last Updated: 22-May-2018

Our TASKE web applications use real-time widgets (based on WebSocket technology) to transmit data. The TASKE Widget Server bridges communication between the real-time widgets in the browser and the TASKE Web Server. If you have secured TASKE web applications with an SSL certificate, then you must also secure the TASKE Widget Server with that same certificate.

This article describes how to add SSL support to the TASKE Widget Server. You must:

  • export the Secure Sockets Layer certificate from Microsoft Internet Information Services (IIS)
  • download and install OpenSSL (if not already installed)
  • create the certificate and private key files
  • configure the Windows Registry
  • test communications

Before you begin

This article assumes that you have secured your TASKE web applications with a Secure Sockets Layer (SSL) certificate. This article only applies to TASKE versions 2017.2 and newer.

You must have a working knowledge of SSL certificates and familiarity with editing the Windows Registry. If you require assistance, contact TASKE Support.

Export the SSL certificate from Microsoft Internet Information Services

You must export the SSL certificate that currently secures your TASKE web applications to a file named taske.pfx.

Steps

  1. Open IIS on the computer that is running TASKE.
  2. In the IIS Manager, in the left panel, click the computer name.
  3. In the right panel, double-click the Server Certificates icon.
  4. Right-click the certificate and click Export.
  5. Do the following:
    • Browse to your TASKE installation folder. By default, this folder is: C:\TASKE.
    • Type the filename taske.pfx.
    • Type the password password.
    • Confirm the password.
    • Click OK.

Download and install OpenSSL

You must extract the certificate and private key from the taske.pfx file using openssl.exe. If this tool is not already installed on the computer, use the steps in this topic to download and install it.

After extracting contents from the SSL certificate, you can uninstall openssl.exe.

Steps

  1. Download the 1.0.2 Win32 Light version from this location:
    https://slproweb.com/products/Win32OpenSSL.html
  2. Run the downloaded executable, selecting the following options:
    • Accept the default installation path (C:\OpenSSL-Win32), and click Next.
    • Leave the default shortcut name, and click Next.
    • Select the OpenSSL binaries (/bin) directory button, and click Next.
    • Click Install.
    • Click Finish.

Create the certificate and private key files

The taske.pfx file (the exported SSL certificate) stores the certificate and private key in binary format. The TASKE Widget Server (taske_widget_translator.exe) can read only the Privacy Enhanced Mail (PEM) format. Use the following steps to extract contents from the taske.pfx file to create two PEM-encoded text files that the Widget Server can find and load:

  • taske_widget_translator.cer
  • taske_widget_translator.key

Tip: If you installed TASKE and openssl.exe to their default folders, you can copy and paste these commands from this article.

Steps

  1. In a Windows command prompt, change to the TASKE installation folder using this command:
    cd c:\TASKE
  2. Extract the certificate using the following command and typing the password when prompted:
    \OpenSSL-Win32\bin\openssl.exe pkcs12 -in taske.pfx -nokeys -out taske_widget_translator.cer
  3. Extract the private key by typing the following command and typing the password when prompted:
    \OpenSSL-Win32\bin\openssl.exe pkcs12 -in taske.pfx -nocerts -nodes -out taske_widget_translator.key
  4. Convert the key file to the RSA format to remove the need to enter the password, using the following command:
    \OpenSSL-Win32\bin\openssl.exe rsa -in taske_widget_translator.key -out taske_widget_translator.key

Configure the Windows Registry

The TASKE default installation creates the initial Windows Registry branch and basic keys to run an unsecured HTTP server.

For information about editing TASKE Registry Keys on a 64-bit machine, see this article: Editing TASKE Registry Keys on a a 64-bit machine.

Registry Branch

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TASKE Technology\Call Management\Widget Service

Note: 32-bit Windows does not include the WOW6432Node.

Registry Keys

Name: Address

Type: String
Default: 127.0.0.1
Description: The network address or IP. For secured servers this should be a name (for example, machine.example.com).

Name: HTTP

Type: DWORD (32-bit)
Default: 1
Description: Indicates whether the unsecured (HTTP) server is enabled.
Note: Zero (0) means false or disabled. Any other number means enabled.

Name: HTTPS

Type: DWORD (32-bit)
Default: 0
Description: Indicates whether the secured (HTTPS) server is enabled.
Note: Zero (0) means false or disabled. Any other number means enabled.

Name: Port

Type: DWORD (32-bit)
Default: 9002 (decimal)
Description: The network port on which the unsecured server listens for widget connections.

Name: Secure Port

Type: DWORD (32-bit)
Default: 9443 (decimal)
Description: The network port on which the secure server listens for widget connections.

Test communications

When run as a Windows service, the TASKE Widget Server logs errors to the Window Event Viewer. No other visible feedback is provided. If you need to debug issues, follow these steps.

Steps

  1. Ensure that the TASKE Widget Server is not running in TASKE Console.
  2. Open a command prompt and change to the TASKE installation folder.
  3. Type the following and press Enter.
    taske_widget_translator -console
  4. Attempt to sign into TASKE.
    TASKE displays status messages and XML text streaming based on when the widget connections are successful. If you see errors, stop the server and correct the configuration.
  5. When you are finished testing, press CTRL + C to stop processing.

Applies to:

Telephone Systems:

  • All

Tags:

IISprivate certificateprivate keyregistrySSLSSL certificateTASKE Widget Server

Leave a Comment

You must be logged in to post a comment.