BlueCielo Meridian Enterprise 2018 Administrator's Guide

Configuring viewing with SSL

If your organization uses Meridian Enterprise together with AutoVue from outside your firewall, you might want to secure network communications between the servers with the  Secure Sockets Layer (HTTPS).

Before you begin    You will need a certificate from a known certificate authority in order to configure SSL.

For information about using Internet Information Server to perform this task, see the Windows documentation.

To configure viewing with SSL:

  1. In Internet Information Services, import or create a certificate.
  2. For the website that contains the Meridian Enterprise application, bind the HTTPS protocol to the certificate that you created in step 1.
  3. For Meridian Enterprise versions prior to release 2013 only:
    1. For the Explorer Viewing web service, enable the HTTPS protocol.

    2. Open the web.config file of the Explorer Viewing web service in any text editor and in the serviceMetadata element, set the httpsGetEnabled value to True as shown in the bold text in the following example.

      <behaviors>
  <serviceBehaviors>
    <behavior name="BCWebService.BluePrintServiceBehavior">
      <serviceMetadata httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="True"/>
    </behavior>
  </serviceBehaviors>

    3. Open the web.config file of the ExplorerClient service in any text editor and in the AutoVue Settings section, modify the values of the AutoVueServerURL, BlueCieloConnectorURL, and AutoVueBluePrintWSUrl keys to specify the HTTPS protocol as shown in the bold text in the following example.

      Note    In the following example, substitute the fully qualified name (computer name and domain name) of your server for <ServerName>.

      <!-- Auto Vue Settings -->
    <!-- Use AutoVue as default viewer (instead of the Meridian viewer control). -->
    <add key="AutoVueIsDefault" value="True"/>
    <!-- Address of the AutoVue Server. Example: value="http://{servername}:5098/servlet/VueServlet" -->
    <add key="AutoVueServerURL" value="https://<ServerName>:5098/servlet/VueServlet"/>
    <!-- Address of the AutoVue DMS service. Example: value="http://{servername}:8900/wsclient/servlet/DMS" -->
    <add key="BlueCieloConnectorURL" value="https://<ServerName>:8900/wsclient/servlet/DMS"/>
    <!-- Address of the BC Explorer Viewing service. 
         Default value : "http://{servername}/ExplorerViewing/BluePrintService.svc?wsdl" 
         Define this value if the ExplorerViewing web application is installed on a remote server or using a different name. -->
    <add key="AutoVueBluePrintWSUrl" value="https://<ServerName>/ExplorerViewing/BluePrintService.svc?wsdl"/>
  4. Export the certificate that you created in step 1 to a .cer file using the DER encoded binary X.509 format option. Do not export the private key. You may use any filename.
  5. If you have not yet installed AutoVue, start the installation as described in Installing AutoVue. If AutoVue is already installed, restart the installation program and configure the Enabling SSL Communication option as described in Installing AutoVue.

  6. Open a command prompt window in the bin folder of the Java Runtime Environment (for example, C:\Program Files (x86)\Java\jre7\bin).

  7. Run the keytool.exe program to add the certificate file that you exported in step 4 to the Identity JKS Keystore file with the password that you created as described in Installing AutoVue, for example:

    keytool -import -v -trustcacerts -alias <ComputerName> -file <PathToCERFile> -keystore <PathToJKSFile> -keypass <JKSFilePassword> -storepass <JKSFilePassword>

  8. Create a copy of C:\oracle\autovue\bin\jetty\etc\jetty-ssl.xml in the same folder and name it jetty-ssl-DMS.xml.

  9. Open jetty-ssl-DMS.xml in any text editor and set the port number to the same as in the web.config file in step 3c, for example:

    <Set name="Port">8900</Set>

  10. Comment out or remove the DOCTYPE declaration line as in the following example.

    <!--!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd"-->

    If this line is left active, the BCConnectorService service may stop responding.

  11. Open the file StartDMS.bat in any text editor and modify the Jetty startup. Specify the jetty-ssl-DMS.xml file that you created in step 8 at the end of the launch line, for example:

    "%AUTOVUE_ROOT%\jre\bin\java.exe" ... "%JETTY_DIR%\etc\jetty_dms.xml" "%JETTY_DIR%\etc\jetty-ssl-DMS.xml"

The AutoVue viewer should now work over the HTTPS protocol. You can confirm this by viewing a document in Meridian Enterprise and confirming that the protocol shown in the browser address bar is https, not http.

Copyright © 2000-2018 BlueCielo, an Accruent company