This article describes the steps required to configure K2.net 2003 for use over an HTTPS/SSL connection.

Overview

This section describes the steps required to configure K2.net™ 2003 for use over an HTTPS/SSL connection.

The steps described include:


•  Configure IIS

-  Generate Certificate Request
•  Install Certificates

-  Install Root Certificate

-  Install Server Certificate
•  Enable IIS to Require SSL
•  Configure K2.net™ 2003

-  Edit Registry Entries

-  Edit "Workspace.htm"

-  Edit "Web.config"

-  Edit "Viewflow.aspx"

Assumptions

The following assumptions have been made whilst preparing this article:

•  Environment hardware is available, powered and connected to its own dedicated network.
•  The person responsible for the installation is generally familiar with Microsoft Windows and simple file management operations.
•  K2.net™ 2003 Service Pack 1 (or higher) has been installed.
•  K2.net™ 2003 has been installed using default settings.

Configure IIS

Generate Certificate Request

Before an IIS installation can be configured for use with HTTPS/SSL, a certificate must be requested. The steps outlined below describe how the certificate may be requested.

Start "Internet Information Services (IIS) Manager" using the Start | All Programs | Administrative Tools | Internet Information Services (IIS) Manager menu sequence.

Expand the tree structure until the web site node used by K2.net™ 2003 is visible, as shown below.

 
 
Display the "Web Site Properties" dialog, shown below, by right-clicking the web site and selecting "Properties" from the context menu.
 
 
Open the "Directory Security" tab.
 
 
Start the "Web Server Certificate" Wizard by clicking the "Server Certificate..." button.

On the "Welcome to the Web Server Certificate Wizard" page, click the "Next" button to continue.
 
 
On the "Server Certificate" page, select the "Create a new certificate" option, and click the "Next" button to continue.
 
 
On the "Delayed or Immediate Request" page, select the "Prepare the request now, but send it later" option, and click the "Next" button to continue.
 
 
On the "Name and Security Settings" page, enter a suitable name for the certificate and set the bit length to 1024. Click the "Next" button to continue.
 
 
On the "Organization Information" page, enter appropriate values for the "Organization" and "Organizational unit" fields. Click the "Next" button to continue.
 
 
On the "Your Site’s Common Name" page, enter the web server’s name, and click the "Next" button to continue.
 
 
On the "Geographical Information" page, enter appropriate values for the "Country/Region", "State/Province" and "City/Locality" fields. Click the "Next" button to continue.
 
 
On the "Certificate Request File Name" page, select a suitable path to save the request to, and click the "Next" button to continue.
 
 
On the "Request File Summary" page, click the "Next" button to continue.
 
 
On the "Completing the Web Server Certificate Wizard" page, click the "Finish" button to continue.
 
 

Install Certificates

Before an IIS installation can be configured for use with HTTPS/SSL, the Root and Server certificates must be installed. The steps outlined below describe how the certificates can be installed on the server.

Install Root Certificates

By using "Internet Explorer", navigate to an SSL certification authority like "Thawte" by entering the following URL: http://www.thawte.com. Apply for the required certificates and download the appropriate root certificates. The root certificate(s) should be supplied as DER encoded file(s). Double-click the certificate file(s) in order to install the necessary certificate(s).

At the "Certificate" dialog, click the "Install Certificate..." button to continue.

 
 
On the "Welcome to the Certificate Import Wizard" page, click the "Next" button to continue.
 
 
On the "Certificate Store" page, select the "Place all certificates in the following store" option and click the "Browse..." button. In the "Select Certificate Store" window, check the "Show physical stores" option. Expand the "Third-Party Root Certification Authorities" node and select the "Local Computer" entry.
 
 
Click the "OK" button to continue.
 
 
Click the "Next" button to continue.
 
 

Click the "Finish" button to continue.

Install Server Certificate

The Server certificate should also be supplied as a DER encoded file. Copy the file to the server and rename to a ".cer" extension.

Start Internet Information Services (IIS) Manager using the "Start | All Programs | Administrative Tools | Internet Information Services (IIS) Manager" menu sequence.

Expand the tree structure until the web site node used by K2.net™ 2003 is visible.

 
 
Display the web site "Properties" dialog, by right-clicking the web site and selecting "Properties" from the context menu.
 
 
Open the "Directory Security" tab, by clicking the "Directory Security" tab.
 
 
Start the "Web Server Certificate Wizard" by clicking the "Server Certificate..." button. On the "Welcome to the Web Server Certificate Wizard" page, click the "Next" button to continue.
 
 
On the "Pending Certificate Request" page, select the "Process the pending request and install the certificate" option, and click the "Next" button to continue.
 
 
On the "Process a pending request" page, browse to the certificate file, and click the "Next" button to continue.
 
 
On the "Certificate Summary" page, click the "Next" button to continue.
 
 
On the "Completing the Web Server Certificate Wizard" page, click the "Finish" button to continue.
 
 

Enable IIS to Require SSL

Once the certificate has been requested and installed, the IIS installation must be configured to require SSL. The steps outlined below describe how this may be enabled.

Start "Internet Information Services (IIS) Manager" using the "Start | All Programs | Administrative Tools | Internet Information Services (IIS) Manager" menu sequence.

Expand the tree structure until the web site node used by K2.net™ 2003 is visible.

Display the web site "Properties" dialog by right-clicking the web site and selecting "Properties" from the context menu.

Open the "Directory Security" tab, shown below, by clicking the "Directory Security" tab.

Display the "Secure Communications" dialog, shown below, by clicking the "Edit..." button in the "Secure communications" section of the tab.

 
 
Enable secure communications by clicking the "Require secure channel (SSL)" and "Require 128-bit encryption" options.
 
 

Configure K2.net™ 2003

Edit Registry Entries

The URLs for the K2 Web Site and Web Service must be updated to point to the secured IIS installation. The steps outlined below describe how these values may be updated:

Start a "Command Prompt" using the "Start | All Programs | Accessories | Command Prompt" menu sequence.

Start the "Registry Editor" by entering "regedit" at the prompt and pressing <ENTER>.

Expand the tree structure until the "HKEY_LOCAL_MACHINE\SOFTWARE\SourceCode\K2.net 2003 SP1\Install Settings" node is visible, as shown below.

 
 
Display the Edit String dialog, shown below, by double-clicking the "K2SITEURL" entry. Change the value to read "HTTPS://<SERVER_NAME>", where <SERVER_NAME> should be replaced with the name of the appropriate machine. For example, "http://Ockert" should be changed to "https://Ockert". Click the "OK" button to close the dialog.
 
 

Repeat these steps for the "K2WSSSITEURL" entry.

Configure Workspace

The URL for the K2 Workspace must be updated to point to the secured IIS installation. The steps outlined below describe how this value may be updated.

Start "Windows Explorer" using the "Start | All Programs | Accessories | Windows Explorer" menu sequence.

Navigate to the "Workspace" directory ("C:\Program Files\K2.net 2003\K2WS\Workspace")

Open "workspace.htm" in an appropriate editor.

Search for the string "document.getElementById("RedirectForm").action = "http://<SERVER_NAME>/K2V3/Workspace/Workspace.aspx";", shown below and change "HTTP://" to "HTTPS://".

 
 

Edit "web.config"

The URL for the K2.net™ 2003 web server must be updated to point to the secured IIS installation. The steps outlined below describe how this value may be updated.

Start "Windows Explorer" using the "Start | All Programs | Accessories | Windows Explorer" menu sequence.

Navigate to the "Workspace" directory ("C:\Program Files\K2.net 2003\K2WS\Workspace").

Open "web.config" in an appropriate editor.

Search for the string <add key="WebServer" value="http://<SERVER_NAME>/K2V3" />", and change "HTTP://" to "HTTPS://" as shown below.

 
 

Edit "ViewFlow.aspx"

The URL for the "K2.net™ 2003 Process Flow Chart" viewer must be updated to use the secured IIS installation. The steps outlined below describe how this value may be updated.

Start Windows Explorer using the "Start | All Programs | Accessories | Windows Explorer" menu sequence.

Navigate to the "K2MIS" directory ("C:\Program Files\K2.net 2003\K2WS\Workspace\K2MIS").

Open "ViewFlow.aspx" in an appropriate editor.

Search for the string <OBJECT id="ViewFlow" width="200%" height="200%" classid="http:ViewProcessInstance.dll#ViewProcessInstance.ViewControl" VIEWASTEXT> and change "HTTP:" to "HTTPS:" as shown below.