Views:

Overview

Some customers require setting up MET/TEAM as a secure web site, using the HTTPS protocol instead of HTTP. The MET/TEAM Server installer is only capable of setting up a MET/TEAM web site to use the HTTP protocol. However, the web site can be easily converted to a secure web site by following the instructions given in the document Setting up a Secure METTEAM Web Site using SSL.

If the customer is using MET/CAL, a few additional changes need to be made to the MET/TEAM web site configuration settings in order for MET/CAL to be able to successfully connect, retrieve and post information to MET/TEAM.

Note: Initial testing indicates that making the changes outlined below to the MET/TEAM web site configuration settings do not affect using the standard HTTP protocol

Process

  • Follow the instructions in the document mentioned above to setup the MET/TEAM web site to use Secure Socket Layer (SSL).
  • Once the installation is complete, run Internet Information Services (IIS) Manager and stop the MET/TEAM web site.
  • Using Windows Explorer, navigate to the MET/TEAM web site’s root folder (typically C:\inetpub\wwwroot\METTEAM) and open the config file using a text editor.
  • Make the following changes to the <system.serviceModel> section of the file:
    • In the <system.serviceModel> section, add the <webHttpBinding> section in bold
    • Delete or comment out the <client> section
      • In the below example "<!--" and "-->" have been added before and after the <client> section to comment it out
    • Change the serviceMetadata line to what is noted in bold

<system.serviceModel>

<webHttpBinding>

<binding maxReceivedMessageSize="2147483647">

<security mode="Transport" />

</binding>

</webHttpBinding>

 

    <!—Added to support HTTPS -->

<!--

    <client>

        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />

        <host> 

            <baseAddresses>

                <add baseAddress="https://<address>:<port>/RemoteDataService.svc" />

            </baseAddresses>

        </host>

    </client>

-->

    <!-- This setting controls the amount of data MET/CAL can transfer in one transaction. -->

    <standardEndpoints>

        <webHttpEndpoint>

            <!-- Removed to support https (need to determine how to support it!) -->

            <!-- <standardEndpoint name="" maxReceivedMessageSize="16777216" maxBufferSize="16777216"> -->

        </webHttpEndpoint>

    </standardEndpoints>

    <behaviors>

        <serviceBehaviors>

            <behavior name="">

                <!—Changed to support HTTPS  -->

                <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />

                <serviceDebug includeExceptionDetailInFaults="true" />

            </behavior>

        </serviceBehaviors>

    </behaviors>

    

</system.serviceModel>

 

  • Save and close the config file.
  • Start the web site.

Update the workstation registry if only TLS 1.2 is allowed

  1. On the METCAL workstation, have IT open Registry Editor
  2. Add a registry key to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 named SchUseStrongCrypto with a value of 1

    mceclip1.png

Update the MET/TEAM Server URL in METCAL Runtime

  1. Open METCAL Runtime
  2. Click the CONFIGURE tab
  3. Select Workstation Configuration
  4. Update the MET/TEAM Server URL field to the new https address you specified earlier