Problem Description: 


Infoworks DataFoundry service requires SSL certificate and private key as separate files to configure SSL encryption

Many SSL vendors ship the SSL certificate in PFX format. 

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key into a single encryptable file. 


Solution:


We will need to extract the certificate file and private key from the .pfx file using openSSL


Step 1:  


Install openssl 


Command:   openssl version


If you’re using Linux, you can install OpenSSL with the following YUM console command:


Command:   yum install openssl


If your distribution is based on APT instead of YUM, you can use the following command instead:


Command:   apt-get install openssl



Step 2:


We’ll start by extracting the CRT file using openssl with the following command


Command: openssl pkcs12 -in ./YOUR-PFX-FILE.pfx -clcerts -nokeys -out infoworks_ssl.crt



Followed by extracting the private key with the following command


Command: openssl pkcs12 -in ./YOUR-PFX-FILE.pfx -nocerts -nodes -out infoworks_ssl.rsa


Note: PKCS#12 is a password-protected format, in order to execute all the above commands you’ll be prompted for the password that has been used when creating the .pfx file.


Step 3: 


Once you extract the certificate and private key to a location on the DataFoundy instance which is accessible by the infoworks user, please follow the below process: 

 


  1. Navigate to Ngnix configuration directory , 

Command: cd ${IW_HOME}/resources/nginx-portable/conf/Infoworks

 

  1.  Edit the platform.conf.template file ; 

Command: vi platfrom.conf.template


  1.  Add the string ssl after the proxy server port as follows:

               listen ${PROXY_SERVER_PORT} ssl;


  1.  Add the respective SSL certificate key path and certificate file path as described below:

       

  1. Uncomment # ssl_certificate /etc/nginx/ssl/infoworks_ssl.crt; line.

  2. Update it to ssl_certificate <path-to-certificate>/infoworks_ssl.crt;, 

where path-to-certificate is your respective path to the generated certificate file

  1. Uncomment # sslcertificate key /etc/nginx/ssl/infoworks_ssl.key; line.

  2. Update it to ssl_certificate_key <path-to-certificate>/infoworks_ssl.rsa;,

where path-to-certificate is your respective path to the generated certificate file.


  1.  Restart Nginx service using the following commands after navigating to Infoworks bin:


Command: cd ${IW_HOME}/bin

Command: ./stop.sh nginx && ./stop.sh UI

Command: ./start.sh nginx && ./start.sh UI

 

Applicable Infoworks versions 

 

Infoworks v3.1.x, v2.9.1



Ref:  https://docs2x.infoworks.io/admin-and-operations/service-management#secure-services-with-ssl