Skip to main content

Configuring HTTPS in Ingress

Open iT Ingress is configured to use secure browsing (HTTPS) by default, with an SSL Certificate and Key. If you need further configuration for the HTTPS setup, please review the relevant section for detailed instructions.

Configure HTTPS with Windows Certificate Store

Open iT Ingress can use secure browsing (HTTPS) using SSL certificates installed in the Windows Certificate Store.

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, input the necessary details.

    FieldsDescription
    SchemeUse this to specify the https protocol.
    HostUse this to specify the hostname or domain name.
    :icon-alert: Warning: Hostnames or domain names cannot contain underscores _ since this is an invalid character according to the DNS specifications and RFC standards.
    PortUse this to specify the port number. You can use the default port for HTTPS, 443.
    StoreUse this to specify the Certificate Store where your SSL certificate is stored.
    LocationUse this to specify the appropriate store location.
    Required Fields for SSL Configuration in the Override File

    The Store field accepts only predefined certificate store values. These stores indicate where the SSL certificate is stored on the system. Refer to the table below for supported values and their usage:

    StoresDescription
    MyUse this to specify the Personal store, commonly used for client certificates or private keys.
    RootUse this to specify the Trusted Root Certification Authorities.
    AuthRootUse this to specify the Third-party Root Certification Authorities.
    TrustedPeopleUse this to specify the certificates of the trusted people.
    TrustedPublisherUse this to specify the trusted publishers, typically used for code signing.
    CA or Certificate AuthorityUse this to specify the intermediate Certification Authorities.
    AddressBookUse this to specify other users that are used for email encryption certificates.
    DisallowedUse this to specify revoked and explicitly untrusted certificates.
    Supported Certificate Stores for SSL Configuration

    The Location field determines where the certificate store is located. Choose one of the supported values below depending on whether the certificate applies to the current user, all users, or specific services:

    Store LocationDescription
    CurrentUserUse this to specify certificates that are available only to the currently logged-in user.
    LocalMachineUse this to specify certificates that are available system-wide for all users.
    ServiceUse this to specify certificates used by specific Windows services (e.g., IIS, SQL Server).
    GroupPolicyUse this to specify certificates deployed via Group Policy, which can apply either to a user or a machine.
    Supported Store Locations for SSL Configuration

    SiteBindings.Override.json
    {
        "SiteBindings":  [
            { 
                "Scheme": "https",
                "Host": "customer.openit.com",
                "Port": "443",
                "Certificate": {
                    "Store": "My",
                    "Location": "LocalMachine"
                }
            }
        ]
    }

  4. Save the file.

  5. Open the Task Manager.

  6. Go to the Services tab.

  7. Restart the OpeniTIngress service.

Configure HTTPS with an SSL Certificate and Key

Open iT Ingress can use secure browsing (HTTPS) using an SSL certificate and key.

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, input the necessary details.

    FieldsDescription
    SchemeUse this to specify the https protocol.
    HostUse this to specify the hostname or domain name.
    Warning: Hostnames or domain names cannot contain underscores _ since this is an invalid character according to the DNS specifications and RFC standards.
    PortUse this to specify the port number. You can use the default port for HTTPS, 443.
    CertUse this to specify the path to the SSL certificate.
    KeyUse this to specify the path to the SSL key.
    Required Fields for SSL Configuration in the Override File

    SiteBindings.Override.json
    {
        "SiteBindings":  [
            { 
                "Scheme": "https",
                "Host": "customer.openit.com",
                "Port": "443",
                "Certificate": {
                    "Cert": "C:\Program Files\OpeniT\Ingress\configuration\caddy\ssl.crt\server.crt",
                    "Key": "C:\Program Files\OpeniT\Ingress\configuration\caddy\ssl.key\server.key"
                }
            }
        ]
    }

  4. Save the file.

  5. Open the Task Manager.

  6. Go to the Services tab.

  7. Restart the OpeniTIngress service.

Configure HTTPS using Let's Encrypt

Open iT Ingress can use secure browsing (HTTPS) using Let's Encrypt.

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, make sure that the Cert and Key fields are empty.

    This allows Caddy to automatically create a certificate.

    SiteBindings.Override.json
    {
        "SiteBindings":  [
            { 
                "Scheme": "https",
                "Host": "customer.openit.com",
                "Port": "443",
                "Certificate": {
                    "Cert": "",
                    "Key": ""
                }
            }
        ]
    }

  4. Save the file.

  5. Open the Task Manager.

  6. Go to the Services tab.

  7. Restart the OpeniTIngress service.

Add Multiple Site Bindings

  1. Go to the Open iT Ingress configuration directory, which is C:\Program Files\OpeniT\Ingress\configuration by default.

  2. Create a copy of SiteBindings.json and rename the duplicate file to SiteBindings.Override.json.

    Open the existing SiteBindings.Override.json, if there is already one.

  3. In the override file, copy the entire site binding section.

    For example, copy the contents from line 3 to 11.

    SiteBindings.Override.json
    {
        "SiteBindings":  [
            { 
                "Scheme": "http",
                "Host": "",
                "Port": "8080",
                "Certificate": {
                    "Cert": "",
                    "Key": ""
                }
            }
        ]
    }

  4. Paste the copied contents at the end of the SiteBindings array.

    Add a comma , to separate each site bindings.

    SiteBindings.Override.json
    {
        "SiteBindings":  [
            { 
                "Scheme": "http",
                "Host": "",
                "Port": "8080",
                "Certificate": {
                    "Cert": "",
                    "Key": ""
                }
            },
            { 
                "Scheme": "http",
                "Host": "",
                "Port": "8080",
                "Certificate": {
                    "Cert": "",
                    "Key": ""
                }
            },
            { 
                "Scheme": "http",
                "Host": "",
                "Port": "8080",
                "Certificate": {
                    "Cert": "",
                    "Key": ""
                }
            }
        ]
    }

  5. Modify the values in the additional site binding(s) as needed.

    You may also use the following sections for reference:

  6. Save the file.

  7. Open the Task Manager.

  8. Go to the Services tab.

  9. Restart the OpeniTIngress service.

Add an Additional Reverse Proxy

This section guides you through the process of setting up an additional reverse proxy instance in your environment.

  1. Go to the Open iT Ingress CaddyFilePartials directory, which is by default in C:\Program Files\OpeniT\Ingress\configuration\ingress\CaddyFilePartials.

  2. Open the custom.caddy file using your preferred text editor. Use this file to define additional reverse proxy configurations to append to the main CaddyFile automatically.

    custom.caddy
    # This is a sample partial file, this will be appended at the end of your caddyfile.caddy

    Add your new reverse proxy configuration below the comment:

    Example
    # This is a sample partial file, this will be appended at the end of your caddyfile.caddy

    https://customer.another.openit.com {
        reverse_proxy :8888
    }

  3. Save the changes.

  4. Open the Task Manager.

  5. Go to the Services tab.

  6. Restart the OpeniTIngress service.

  7. Verify that the configurations added in the custom.caddy file are appended to the CaddyFile.caddy file, which is by default in C:\Program Files\OpeniT\Ingress\configuration\ingress\CaddyFile.caddy.

    CaddyFile.caddy
    # This is a sample partial file, this will be appended at the end of your caddyfile.caddy

    https://customer.another.openit.com {
        reverse_proxy :8888
    }