This section contains information on how to configure the TOTVS | Application Server to operate as a HTTPS server.
You can configure section [HTTPS] to enable secure connections for the Protheus Server. It is noteworthy that section [HTTPS] works together with section [HTTP]; that is, you need to specify both sections, [HTTP] and [HTTPS], to use secure connections. You must also configure sections [SSL] and [SSLConfigure], as we see below.
The first step is to adequately configure section [HTTP]. To do so, refer to the manual in 06. Configuring the Protheus Server for HTTP before you continue.
We assume, in this form, that our server is the localhost and we have a section [HTTP], thus defined:
[HTTP]
ENABLE=1
PORT=80
PATH=C:\AP_DATA\HTTP
After being sure to have functional HTTP access in our localhost through port 80 (for example, we manage to access a web page named default.htm, created in the path configured above, using any browser, by typing http://localhost:80 or http://localhost:80/default.htm), we can move on to configuring section [HTTPS] itself, which in one of its most minimal forms is:
[HTTPS]
ENABLE=1
PORT=443
We thus enable HTTP access in port 443.
Moreover, we also need to configure the following sections:
[SSL]
TYPE=TCPIP
PORT=26011
SecureConnection=1
[SSLConfigure]
HSM=0
SSL2=1
SSL3=1
TLS1=2
BUGS=0
STATE=0
CertificateServer=C:\Totvs\Certificados\rsa_privkey_self_cert.pem
KeyServer=C:\Totvs\Certificados\rsa_privkey.pem
PassPhrase=password
Notice that we need to specify a file for the digital certificate and another for its private key, as well as specify its password.
With these minimal configurations, we now can securely access (via HTTPS) the same page in the browser, typing https://localhost:443 or https://localhost:443/default.htm )
If you want to prevent unsafe access (via HTTP) and allow only secure access (via HTTPS), just configure key ENABLE=0 in section [HTTP].
From this point onwards, you can also securely access such requests as .apl, .apw, virtual directories, etc., always specified in section [HTTP] as described in the aforementioned manual 06. Configuring the Protheus Server for HTTP.
It is noteworthy that the aforementioned configurations are minimal for enabling secure access. For further information on the sections regarding secure access, refer to:
SSL Configuration in TOTVS | Application Server
Section [SSLConfigure]