Certificate Configuration

Learn to configure certificates on CRM.launcher.

Aurea CRM uses the the default certificate type X.509 and is issued by Aurea. As an administrator you can also use external X.509 certificate issued by other certification providers. If you want to use third party certificates then you have to install the third party certificates on the server machine running launcher and also the client machines that connect to the CRM server.

To configure third party X.509 certificates, set the path to the certificates in the configuration file. The following screenshot shows the external certificate mycertificate.pfx located at the location c:\mycertificates\. Also, notice the URL format.

The following code sample shows the configuration setup in the Update.Launcher.NamedPipeServer.exe.config configuration file.
<update.net>
...

<update.launcher>
...

<PlugIns>

	<PlugIn type="update.Launcher.WebBrowser.PlugIn,update.Launcher.WebBrowser" required="false" >
		<Url>wss://www.xyz.com:8181</Url>
		<Certificate>c:\mycertificates\mycertificate.pfx</Certificate>
	</Plugin>
</PlugIns>
</update.launcher>
</update.net>
Note: The certificate must have intended purpose "Server Authentication" and its canonical name must match the host name in wss://<url>. The URL is the one configured for CRM.launcher. For example, in the example above www.xyz.com.

Configuring Aurea CRM.Web to use wss:// or ws:// connection protocol

To provide a wss:// (WebSocket Secure) or ws:// (WebSocket) connection protocol for CRM.Launcher connecting to Aurea CRM Web, use the web configuration parameter System.LauncherUrl. The parameter provides three possible connection options, listed below:

  • System.LauncherUrl is not set - This is the default state and in such a case the Launcher URL is automatically set to wss://localhost:<System.LauncherPort>. This provides a WebSocket secure connection for the Launcher, even if Aurea CRM Web server provides an insecure HTTP connection.
  • System.LauncherUrl is set to an abolute protocol - Set it to an absolute protocol wss:// to ensure that the Launcher always uses a WebSocket Secure connection protocol. Aurea recommends that you use this approach if you intend to use a hostname other than localhost and custom certificates.
  • System.LauncherUrl is set to a relative protocol - Set it to a relative protocol URL starting with two slashes, for example, //www.xyz.com:8181. The protocol relative Launcher URL is prefixed with wss: if the CRM Web server provides a HTTPS (HTTP Secure) connection or prefixed with ws: (WebSocket connection) if the CRM Web server provides a plain HTTP connection.

Adding CRM.Launcher Embedded Certificate to the Certificate Store

CRM.Launcher’s certificate is installed when the Launcher is run for the first time. On further runs CRM.Launcher checks for the certificate and tries to refresh it. If the Launcher cannot refresh he certificate due to user permission restrictions, a pop up dialog informs the user that the certificate is not available. To prevent the Launcher from checking for the certificate and trying to refresh the certificate, set the ForceRefreshCertificate property to false, in the Update.Launcher.NamedPipeServer.exe.config or the Update.Launcher.exe.config configuration file. See the sample configuration below:

<update.net>
        ...

    <update.launcher>
        ...

        <PlugIns>
        <PlugIn type="update.Launcher.WebBrowser.PlugIn.update.Launcher.WebBrowser"   required="false">
                <ForceRefreshCertificate>true</ForceRefreshCertificate>
            </PlugIn>
        </PlugIns>
    </update.launcher>
</update.net>