SSL Enabled Plastic Connections - Reborn!

Tuesday, December 28, 2010

NOTE: This article is updated and maintained at this link here
Here are the instructions on how to configure Plastic SCM release 3.0.187.x
(x > 0) to communicate using a secure SSL channel between the client and server.
First, download and unzip the following package: PlasticSCM_SSL_ConfigFiles.zip. Next, we are going to copy these files to specific locations.

Server setup:


  1. Stop the Plastic SCM server service from Windows Services.

    1. In Windows, go to Start->Run, type "services.msc", find the Plastic Server service and stop it.

  2. Navigate to your Plastic SCM server installation folder and rename your current remoting.conf file to remoting.conf.bck.

  3. From the zip file server folder extract the new remoting.conf to the Plastic server installation folder.

    1. The provided remoting.conf file will configure your server to use the default TCP port 8084 for non-SSL client connections and TCP port 8085 for SSL connections.

    2. You can change the Listening ports above by editing the remoting.conf file.

  4. A plastic.key file and a plastic.cert file must be generated for SSL to work, and both files must be placed in the Plastic SCM server folder.

    1. To generate the files, we will use the certificate generator tool makecert.exe, obtainable from the .NET SDK:

      http://msdn.microsoft.com/en-us/library/bfsktky3%28VS.80%29.aspx

    2. Run the following command from within the .NET SDK command prompt: c:\>hostname

    3. Record the hostname it prints and use it in place of "hostname" in the following command to generate the certificate files:

    4. c:\> makecert -r -pe -eku 1.3.6.1.5.5.7.3.1 -n "CN=hostname" -sv c:\plastic.key c:\plastic.cert

    5. See Figure 1.

    6. If a pop-up window "Create Private Key Password" is shown, choose None, as illustrated in Figure 2.

    7. Copy the generated plastic.cert and plastic.key from c:\ to the Plastic SCM server folder.

    8. Edit the remoting.conf file for the Plastic server to point to the certificate files generated above; find the section and update it as illustrated below.

    <channel type="Codice.Channels.PlasticSecuredTcpChannel, plastictcpchannel"
    port="8087"
    sslCertificateFile="C:\Program files\PlasticSCM\server\plastic.cert"
    sslPrivateKeyFile="C:\Program files\PlasticSCM\server\plastic.key"
    name="secured">

  5. Start the Plastic server and check the connections on the server machine to verify that the server is listening on the right TCP ports by executing the following command from a command prompt: c:\>netstat -na -p TCP, as illustrated in Figure 3.
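A consistency check for the edited remoting.conf, as an added example that is not part of the original article or of Plastic SCM's own tooling: it confirms that the secured channel listens on the port the clients are pointed at and that both certificate files exist. The function name check_secured_channel, the <channels> wrapper around the sample and the use of Python are assumptions; the channel attributes and the client SSL port 8085 are taken from this page.

```python
import os
import xml.etree.ElementTree as ET

SECURED_TYPE = "Codice.Channels.PlasticSecuredTcpChannel"

# Constructed sample: the channel element from step 4, wrapped in an assumed
# <channels> parent and self-closed so that it parses as a stand-alone document.
SAMPLE = r"""<channels>
  <channel type="Codice.Channels.PlasticSecuredTcpChannel, plastictcpchannel"
           port="8087"
           sslCertificateFile="C:\Program files\PlasticSCM\server\plastic.cert"
           sslPrivateKeyFile="C:\Program files\PlasticSCM\server\plastic.key"
           name="secured" />
</channels>"""


def check_secured_channel(conf_text, client_ssl_port=8085, exists=os.path.isfile):
    """Return a list of problems found in the secured channel of remoting.conf."""
    channels = list(ET.fromstring(conf_text).iter("channel"))
    secured = [c for c in channels
               if c.get("type", "").split(",")[0].strip() == SECURED_TYPE]
    if not secured:
        return ["no PlasticSecuredTcpChannel channel defined"]
    findings = []
    for ch in secured:
        port = ch.get("port")
        # The client wizard is pointed at one SSL port; the server must match it.
        if port != str(client_ssl_port):
            findings.append(f"secured channel listens on {port}, "
                            f"clients are configured for {client_ssl_port}")
        # Two channels cannot bind the same port.
        if port and sum(1 for c in channels if c.get("port") == port) > 1:
            findings.append(f"port {port} is used by more than one channel")
        for attr in ("sslCertificateFile", "sslPrivateKeyFile"):
            path = ch.get(attr)
            if not path:
                findings.append(f"{attr} attribute is missing")
            elif not exists(path):
                findings.append(f"{attr} points to a missing file: {path}")
    return findings


if __name__ == "__main__":
    # On a real server, read the edited remoting.conf instead of SAMPLE.
    for finding in check_secured_channel(SAMPLE):
        print("WARN:", finding)
```

Because the key is created without a password in step 4, plastic.key is protected only by file permissions, so also confirm that only the account running the Plastic server service can read it.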


Client setup:


To enable the Plastic SCM client to connect to the Plastic SCM server using SSL, first extract the remoting.conf file from the client folder within the zip file and place it in the Plastic SCM client installation folder.
Complete the setup with the following steps:
  1. Re-run the Client configuration wizard and point it to the port that is used for SSL, in our case port 8085.

  2. Edit the client.conf file, adding the following line:

    1. <ServerProtocol>ssl</ServerProtocol>

    2. See Figure 4.

  3. If you want to go back to the previous non-SSL connection, you must remove the line added above from the client.conf file, re-run the Client configuration wizard and point it to the port that is used for non-SSL connections, in the default case port 8084.

The makecert.exe program is part of the Windows SDK, so Windows developers probably already have it. We found some easy instructions on doing this on another blog post here.

5 comments:

  1. Ouch! Too much work... if using custom certs this should be setup straight out of the box.

  2. :)

    Right, you're right, but let us go step by step... We'll include it in the setup process soon...

  3. Great topic chosen by you.
    But too abundant work. I would like to know the full setup guideline.

    A couple of days ago I installed my UCC certificate from clickssl.com

  4. Hm, interesting. Is it possible to use replication over SSL?

  5. Well, at the time of answering this we already have it running with an internal build that hopefully will be released soon. I tested it and now it does replication over SSL :) so there is indeed something to look forward to in one of the coming releases.
    cheers,
