Implementing SSL security for the Metasys Advanced Reporting System - Metasys - LIT-1201645 - MS-ADSxxx-x - MS-ADXxxx-x - Server - ADS Server - ADX Server - 13.0

ADS/ADX Commissioning Guide

Product
Building Automation Systems > Databases and Data Servers > ADS Server
Building Automation Systems > Application Servers > ADX Server
Document type
Commissioning Guide
Document number
LIT-1201645
Version
13.0
Revision date
2023-10-12
Product status
Active
Note: Make sure that you enable and configure proper certificate revocation, such as Online Certificate Status Protocol (OCSP) stapling. For more information about OCSP configuration refer to https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ocsp/5792b4c4-c6ba-439a-9c2a-52867d12fb66.

To implement SSL security for the Metasys Advanced Reporting System:

  1. Generate a certificate request and install the certificate.

    For more information on these steps, see the following address:

    http://technet.microsoft.com/en-us/library/cc771438(WS.10).aspx

  2. Configure the Metasys software to use HTTPS (SSL) and HTTP protocols on the computer where you plan to install the reporting system.
    1. In Control Panel, select System and Security, then Administrative Tools. On Administrative Tools, double-click Internet Information Services (IIS) Manager.
    2. In the tree in the left pane, browse to and expand Sites or Web Sites.
    3. In the right pane, right-click Default Web Site and select Edit Bindings. The Site Bindings box appears.
    4. Click Edit. Verify that the SSL port field contains 443 (Figure 1).
      Note: Port 80 must be open on the ADX for communication from other system devices. Verify that the TCP port entry is 80.
      Figure 1. SSL Port Field: 443
    5. Click OK.
    6. Close the IIS Manager window.
    7. Install the ADX software with Metasys Reporting.
    8. Using Windows Explorer, browse to: C:\Program Files (x86)\Johnson Controls\MetasysIII\UI\com\jci\framework
    9. Using a text editor, open frameworkproperties.properties.
    10. Update the advancedReportingURL setting line to use https: instead of http: so it appears like the following:

      advancedReportingURL=https://SERVERNAME/MetasysReports

    11. Save the file.
    12. Using Windows Explorer, browse to: C:\Program Files (x86)\Johnson Controls\MetasysReports
    13. Using a text editor, open services.config.
    14. Delete the comment tags from the file. Comment markers appear as <!-- and --> (Figure 2).
      Note: Do not delete the text between the comment tags. Delete all three sets of comment tags that appear in the file.
      Figure 2. Comment Tags
    15. Save the file.
    16. Close all Windows Explorer windows.
    17. On the Start menu, in the Run text box, type regedit.
    18. Click OK. The Registry Editor window appears.
    19. In the tree on the left, browse to HKEY_LOCAL_MACHINE > Software > Johnson Controls > Metasys > ADS.
    20. On the right side of the screen, double-click SSRSWebURL. The Edit String box appears.
    21. In the Value data field, add an s after http. The value should be: https://(ADx Server Name)/ReportServer (Figure 3).
      Figure 3. Edit String Box
    22. Click OK.
    23. Close the Registry Editor.
  3. Restart the computer.
  4. Log in to the Metasys Advanced Reporting System UI.

    The UI should open correctly and the URL in the browser window should have the https: prefix.