Promotic

PmHttpConfig.exe - configuration of HTTP service for PROMOTIC Web servers (HTTP and HTTPS)

In order to use the HTTP service (for the HTTP protocol, but especially for the HTTPS protocol) it is necessary to configure the Windows OS. The HTTP service is a part of the Windows OS and there are Windows OS tools and commands for configuration. However using the Windows OS tools for HTTP service configuration is not easy because it is necessary to use multiple tools and commands from the command line.
 
In order to simplify the configuration for PROMOTIC users, the PmHttpConfig.exe (\Promotic\Tools\PmHttpConfig\PmHttpConfig.exe) HTTP service configuration utility is supplied with the PROMOTIC system. This utility allows complete service configuration, from permission settings of the PROMOTIC system to access the HTTP service, to import and management of certificates for the HTTPS protocol.

1. Permissions to run PROMOTIC Web servers (HTTP or HTTPS)

In order to communicate with the HTTP service, the Windows user, in whose context the PROMOTIC application with Web server is running, must have the corresponding permissions. Each Windows application is running in context of some Windows user (most commonly the user that is currently logged in and launched the application). Administrators group members always have the permission to run the HTTP service, therefore it is not necessary to authorize it. Other users must be authorized namely.
For each Web server running on current computer (protocol, domain, port and relative path) there must be a list of authorized Windows groups and users. The configurator is therefore represented by a list of Web servers authorized on the computer based on the HTTP service. Each row represents one configured and enabled Web server. The present row does not mean that the Web server is currently running. The row means that the Web server (on specified address, port and protocol) is allowed to run. The Web server itself is launched by the corresponding application, e.g. PROMOTIC application. Caution! There is a number of system configured Web servers in Windows OS, that are in the list and it is not recommended to delete them without the exact knowledge.
The corresponding buttons can be used for adding, editing and deleting configured Web server.
"Web server" tab:
The tab serves for setting configuration of the corresponding Web server. The typical Web server configuration is http://+:80/ and https://+:443/.
Web serverConfigured Web server written in the syntax that is used by the HTTP service. The value cannot be directly edited, but is created by following configurators.
ProtocolSpecifies the Web server protocol type (HTTP or HTTPS).
DomainSpecifies the domain (by computer name, IP address or additional characters + and *) of the Web server.
(+) All domains (strong wildcard) (recommended value) - All possible domains in the context of this protocol, port and relative path. Together with empty relative path, this is a recommended setting, that ensures that there is only one Web server running on a single TCP port.
(*) Other domains (weak wildcard) - Domains in the context of the protocol, port and relative path, that have not been asociated so far.
Explicit domain name - Specific domain name entered in the next configurator.
TCP portSpecifies the TCP port of the Web server. For example 443.
Relative pathSpecifies the relative path of the Web server beginning with regard to domain and port. It is possible to define that the Web server does not start by the domain root and port, but in some subdirectory of domain and port. This way it is possible to use one domain and port by multiple Web servers (and applications) simultaneously. Usually this is an empty value (means that the Web server begins in the root of the domain and port) and the Web request for domain and port is processed by this Web server. Caution! For PROMOTIC Web server, it is necessary to leave the value blank, because the current PROMOTIC Web server must start by the domain root and port.
"Permissions" tab:
This tab serves for specifying the Windows users or groups authorized to run the corresponding Web server. This is a standard Windows OS tab for setting the user/group permissions (e.g. file acces rights setup etc.). Typical authorization setting for Web server is all allowed (Execute and Delegate) for Promotic users. Use the "Edit" button to modify the settings.
Group name or user nameA list of Windows users or groups and their permissions to run the Web server. It is necessary to enter the specific Windows user that will be running the PROMOTIC application with Web server. For example SafeOper component recommends the Promotic user.
Permissions for ...It allows to define the permissions to Execute and Delegate the current Web server for a specific Windows user or group, selected in the previous configurator (e.g. user Promotic). When setting up the permissions it is recommended to always set both permissions (Execute and Delegate) accordingly.

2. Certificates of PROMOTIC Web servers (HTTPS)

In order to configure the HTTP service so the Web server communicates by the HTTPS protocol, the digital certificate is needed, to sign the computer domain with running HTTPS Web server. See HTTPS - secured HTTP protocol.
For each HTTPS Web server running on the computer (IP address, port) a corresponding certificate must be set, in order to sign the domain with HTTPS Web server and allows the SSL/TLS encryption of the communication. The configurator is represented by a list of HTTPS Web servers authorized on the computer, that are based on the HTTP service. Each row represents one configured and enabled Web server. The present row does not mean that the Web server is currently running. The row means that the Web server (on specified address, port and protocol) is allowed to run. The Web server itself is launched by the corresponding application, e.g. PROMOTIC application.
The corresponding buttons can be used for adding, editing and deleting configured Web server.
"Web server" tab:
The tab serves for setting configuration of the corresponding HTTPS Web server including the certificate setup.
Any IP addressIf checked, then the Web server listens on all IP addresses of the computer (both IPv4 and IPv6) and the following configurators for entering IP address are disabled.
If not checked, then the Web server listens only on a specific address, that is defined by following configurators.
IP address typeSpecifies the IP address type of the HTTPS Web server: IPv4 or IPv6.
IP addressHTTPS Web server own IP address.
The address format must comply with the selected IP address type (IPv4 or IPv6). For example "192.168.1.2", "fe80:0000:0000:0000:0202:b3ff:fe1e:8329", "fe80:0:0:0:202:b3ff:fe1e:8329", "fe80::202:b3ff:fe1e:8329", "::1"
TCP portSpecifies the TCP port of the Web server. For example 443.
Available certificatesA complete list of certificates stored in Windows OS storage.
It is necessary to pick one certificate (left checkbox) and bind it with the corresponding IP address and TCP protocol.
The configurator also allows certificate management on the computer. The certificates can be imported and deleted. The advantage of importing such certificate in this configurator is that the certificate is imported into the Windows Registry into the computer branch and therefore is visible for the HTTP service. Caution! If the certificate is imported the default way (by left mouse button double-clicking the certificate file in Windows OS) the certificate is imported only to the branch of current user and will not be visible for the HTTP service.

History:
Pm8.01.00: Created
PROMOTIC 9.0.27 SCADA system documentation MICROSYS, spol. s r.o.

Send page remarkContact responsible person
Navigation:
 
- Web
 
- PmHttpConfig.exe
 
 
© MICROSYS, spol. s r.o.