Securing Communications between ESCWA and ES for .NET using TLS

Communications between ESCWA and ES for .NET can be secured by modifying the seeadminserver.exe.config file located in the binAnyCPU/SEE folder. Ensure that the SEE Admin Server is stopped before you edit the file.

You need to uncomment the <ssl> section. You will require a Personal Information Exchange (.pfx) file to enable transfer of certificates and their private keys.

You can create a .pfx file by using the following openssl command:

openssl pkcs12 -export -inkey key.pem -in cert.pem -out new.pfx

Specify the file and passphrase for the <certificate> tag in the config file, and then start the SEE Admin Server again.

ESCWA talks to ES for .NET as a client, and will require you to install a client certificate. See Installing a Client Certificate for Enterprise Server for more information. Ensure that the root in mf-client.dat on ESCWA's host machine points to the Certificate Authority (CA) list .pem file which contains the public CA certificate information that has signed the certificate used by the SEE Admin Server. Otherwise, your DemoCA installation under private/CARootcert.pem is checked.