InterSystems Developer for InterSystems

Posted on • Originally published at community.intersystems.com

Programmatic configuration of SSL Connections with the Superserver

Greetings dear community members!

I have recently been deploying an IRIS for Health image on Docker with a preconfigured Webgateway image, and I have come across the problem of the SSL configuration that allows us to connect to the IRIS instance using HTTPS and going through our Webgateway.

Until now I had always deployed IRIS for Health with a Community license, which still has the Private Web Server installed, so I only needed to configure the Webgateway connection with the deployed IRIS instance:

Access the management portal using the URL provided by the PWS and enable access to the Superserver from its configuration screen:

By selecting port 1972 we could see the security information and we only needed to enable SSL connections with the previously created %SuperServer SSL/TLS configuration:

With non-Community versions, however, the last step of this configuration is not feasible, since we do not have web access to our IRIS instance. We therefore have to do it programmatically, so that our Docker deployment not only creates the SSL/TLS configuration but also enables SSL connections with the superserver that the Webgateway will use for the connection.

To do this we must use the Security.Servers class, which allows us to perform the same configuration. Below you can see a class method that creates the %SuperServer SSL/TLS configuration and then enables SSL connections on port 1972:

Method EnableSSLSuperServer(password="")
{
    New $NAMESPACE
    zn "%SYS"
    // Certificate directory and file names come from the class properties
    set certdir=..SSLDirectory
    set CAfile = ..SSLCertAuth
    set certfile = ..SSLCertificate
    set keyfile = ..SSLKey
    // Create and save the SSL/TLS configuration named %SuperServer
    set sslconfig = ##class(Security.SSLConfigs).%New()
    do sslconfig.CAFileSet(certdir_CAfile)
    do sslconfig.CertificateFileSet(certdir_certfile)
    do sslconfig.PrivateKeyFileSet(certdir_keyfile)
    if password'="" do sslconfig.PrivateKeyPasswordSet(password)
    do sslconfig.DescriptionSet("SuperServer configuration")
    do sslconfig.EnabledSet(1)
    do sslconfig.TypeSet(1)
    do sslconfig.NameSet("%SuperServer")
    set sc=sslconfig.%Save()
    If (sc'=1) {
        Write !, "WARNING: Creating and saving the %SuperServer SSL configuration failed!"
        Write !, $system.Status.GetErrorText(sc)
    }

    // Read the current settings of the superserver on port 1972,
    // then check the status returned by that call
    set sc = ##class(Security.Servers).Get("1972",,.propsSuperServer)
    If (sc'=1) {
        Write !, "WARNING: Getting the system security settings failed!"
        Write !, $system.Status.GetErrorText(sc)
    }
    // Enable the port with SSL and bind it to the %SuperServer configuration
    set propsSuperServer("Enabled") = 1
    set propsSuperServer("SSLSupportLevel") = 1
    set propsSuperServer("SSLConfig") = "%SuperServer"
    set sc = ##class(Security.Servers).Modify("1972",,.propsSuperServer)

    If (sc'=1) {
        Write !, "WARNING: Modifying the system's SSLSuperServer property failed!"
        Write !, $system.Status.GetErrorText(sc)
    }
    Write !, "Done enabling SSL for the SuperServer"
}

In more detail, this will be the code snippet that enables SSL for 1972:

    set sc = ##class(Security.Servers).Get("1972",,.propsSuperServer)
    set propsSuperServer("Enabled") = 1
    set propsSuperServer("SSLSupportLevel") = 1
    set propsSuperServer("SSLConfig") = "%SuperServer"
    set sc = ##class(Security.Servers).Modify("1972",,.propsSuperServer)
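The method above only writes warnings, so a container build carries on even when a step fails. The following read-back check is an added example, not code from the original post: it returns an error %Status that the build script can act on. The method name VerifySSLSuperServer is hypothetical, and the example assumes that Security.SSLConfigs.Exists returns the configuration object in its second argument and that %File.Exists is available, as in a standard IRIS installation.

```objectscript
/// Added example (hypothetical method name): read back what EnableSSLSuperServer
/// wrote and return an error status if any part of it is missing.
ClassMethod VerifySSLSuperServer(port As %String = "1972") As %Status
{
    New $NAMESPACE
    Set $NAMESPACE = "%SYS"

    // 1. The %SuperServer SSL/TLS configuration must exist and be enabled
    If '##class(Security.SSLConfigs).Exists("%SuperServer", .cfg, .sc) {
        Return $$$ERROR($$$GeneralError, "SSL configuration %SuperServer not found")
    }
    If 'cfg.Enabled {
        Return $$$ERROR($$$GeneralError, "SSL configuration %SuperServer is disabled")
    }

    // 2. Every file it points to must be present inside the container
    For file = cfg.CAFile, cfg.CertificateFile, cfg.PrivateKeyFile {
        If (file = "") || '##class(%File).Exists(file) {
            Return $$$ERROR($$$GeneralError, "Missing TLS file: "_file)
        }
    }

    // 3. The superserver port must be enabled and bound to that configuration
    Set sc = ##class(Security.Servers).Get(port, , .props)
    If $$$ISERR(sc) Return sc
    If '$Get(props("Enabled")) {
        Return $$$ERROR($$$GeneralError, "Superserver port "_port_" is disabled")
    }
    If $Get(props("SSLConfig")) '= "%SuperServer" {
        Return $$$ERROR($$$GeneralError, "Port "_port_" does not use %SuperServer")
    }
    If '$Get(props("SSLSupportLevel")) {
        Return $$$ERROR($$$GeneralError, "SSL is not enabled on port "_port)
    }
    Return $$$OK
}
```

Call it right after EnableSSLSuperServer in the deployment script and stop the build when the returned status is an error.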

I hope you find it useful!
