This Article Applies From:
This article details how to set a certificate for DeMeter. If you feel unsure about the procedure, contact your remote support team.
TABLE OF CONTENTS1 - Pre- requisites 2 - Setting up the certificate
1 - Pre- requisites
1.1 - Intended audience
This article is intended for IT engineers in charge of securing the network.
A basic understanding of SSL / HTTPS protocols and certificates is required.
1.2 - Suggested readings
The following articles can be useful before installing the certificates:
- DeMeter installation procedure.
1.3 - System state
All necessary software in the DeMeter software suite have been installed on your server.
2 - Setting up the certificate
2.1 - Supported certificates
DeMeter only supports PFX and P12 certificates.
The certificate cipher rules depends on your IT rules and your server settings. In order to check what cipher suites are permitted on your computer:
- Open a PowerShell console.
- Type Get-TLSCipherSuite in the console then hit enter.
All cipher suites supported by your server will be listed.
If you wish to restrict the display to only check whether the certificate you wish to install is supported, type Get-TLSCipherSuite -Name XYZ, XYZ being the name of your certificate's cipher.
- If nothing is returned, then the cipher suite of your certificate is not supported by your server.
- If the command returns some data, then your cipher suite is supported by your server.
Note: it is key, in addition to your server allowing you to use a given cipher suite, to make sure that the cipher suite you intend is still secure.
2.2 - Setting up the certificate
- Copy your certificate to the server running DeMeter.
- Stop the DeMeter service.
- Open the appsettings.json file in C:\ProgramData\Desoutter\DeMeter\API folder.
Note: the file may not exist if you are using the default DeMeter port settings. If that is the case, copy the appsettings.json file from C:\ProgramFiles\Desoutter\DeMeter to C:\ProgramData\Desoutter\DeMeter\API.
- Edit the Certificate field to match the certificate's path.
Note: you must use "\\" instead of the standard "\" in the path's name. As an example, if your certificate is directly located in the API folder, you should write: C:\\ProgramData\\Desoutter\\DeMeter\\API.
- Copy the password associated to your certificate in the CertificatePwd field.
- (Optional) Edit the secured port number associated to SSL / HTTPS in the ApiPortSecured field.
- Start the DeMeter service.
Contact your remote support team if you feel unsure about the procedure, or need additional help.
If you wish to remove the certificate from DeMeter, simply remove both the certificate path and its password from the appsettings.json file.
2.3 - Checking your connection is secure
You can check that the certificate is correctly taken into account by connecting to DeMeter using your preferred web browser: see the below example for a local connection.
Note that, depending on the certificate generation method (i.e. the Trusted Root Certification Authorities), your web browser may deem your connection Not to be secure.
This is not necessarily due to the certificate, but can be linked to your web browser not recognising the root certification authority. In such a case:
- You can ignore the message an carry on. This may be disconcerting though to the users in house.
- You can add the information for the root certification authorities to all computers that may have to connect to DeMeter. We advise to consult with your IT department to ensure this is done where necessary.