Preparing Certificates for Web Services

Scenario: You want to set up a Desigo CC project with the Web Services extension, to work with the mobile app. These certificates are required if you have a deployment configuration with a remote IIS web server, and you plan to secure communication between the IIS web server computer and the Desigo CC server computer.

NOTE: If you have a local IIS web server, or if you plan to leave the communication as Local (without certificates), you can skip this workflow.

 

Reference: For background information see the engineering reference section. For the main configuration workflow see Integrating the Mobile App.

 

Workflow diagram:

Prerequisites:

  • You installed the Desigo CC software and started up a project, in a configuration that includes an IIS web server. For background information see Mobile App Deployment Architectures.

 

Steps:

1 – On the Desigo CC Server Computer, Create a Root Certificate, Import it into the TRCA Store and Set it as Default
  1. On the Desigo CC server computer, start SMC.
  1. In the SMC tree, select the Certificate node.
  • The Certificates tab displays. This shows the currently configured default certificates (if any) for this Desigo CC installation.
  1. In the Certificates toolbar, click Create Certificate and select Create Root Certificate (.pfx).
  • GMS Root Certificate automatically displays in the Subject Name field.
  1. Change the subject name to a descriptive name, for example RootCertificate_WebServices.
  1. Complete the remaining fields to specify the root certificate (.pfx) and (.cer) file names, password, and path on disk.
  1. Click Save .
  • The root certificate files are created and saved at the specified path.
    NOTE: Keep a copy of these root certificate files and write down the password for use in the next steps.
  1. In the Certificates toolbar, click Import , select the Root certificate certificate type, browse to the (.cer) root certificate file created above, and select Set as default.
  1. Click Save .
  • The root certificate is imported into the TRCA store of the Desigo CC server computer, and set as the default. You will later need to import this root certificate into the TRCA store of the remote IIS web server computer. See Step 3 below.

 

2 – On the Desigo CC Server Computer, Create a Host Certificate for the Server, Import it into the Personal Store, and set it as Default
  1. In the Certificates toolbar, click Create Certificate and select Create Host Certificate (.pfx).
  1. In the Root certificate field, browse to the (.pfx) root certificate file created above and enter its password.
  • The full computer name of the server is automatically entered in the subject name field.
  1. Specify the (.pfx) and (.cer) host certificate file names, password, and path on disk.
  1. Click Save .
  • The server host certificate files are created and saved at the specified path.
  1. In the Certificates toolbar, click Import select the Host certificate certificate type.
  1. Browse for the (.pfx) host certificate file created above and enter its password.
  1. Select Set as default and Key is exportable.
  1. Click Save .
  • The server host certificate is imported into the Personal store of the Desigo CC server computer.

 

3 – On the Remote IIS Web Server Computer, Import the Previously-Created Root Certificate into the TRCA Store, and Set it as Default
  1. On the IIS web server computer, start SMC.
  1. In the SMC tree, select the Certificate node.
  1. In the Certificates toolbar, click Import .
  1. Select the Root certificate certificate type.
  1. Browse to the (.cer) root certificate file created in Step 1 above, and select Set as default.
  1. Click Save .
  • The root certificate is imported into the TRCA store of the IIS web server computer, and set as default.

NOTE: This must be the same root certificate that you imported into the TRCA store of the Desigo CC server computer.

Importing this certificate is necessary for the remote IIS web server to recognize the private CA host certificate of the Desigo CC server, which secures the communication between it and the IIS web server.