Configuring HTTPS for K2 SmartObject Services

There is a quite good section at help.k2.com which describes what you have to do in order to enable HTTPS for K2 SmartObject Services – “Windows Authentication with SSL for K2 SmartObject Services”. This post is sort of recap of that section with few extra bits of information.

So first you have to edit K2HostServer.exe.config file (default location – Program Files(x86)\K2 blackpearl\Host Server\Bin) as follows:

  1. Change enableEndpoints=”false” to enableEndpoints=”true”
  2. Change scheme=”http” to scheme=”https”
  3. Change port=”8888″ to port=”8443″
  4. Change wcf binding=“wsHttpBinding” bindingConfiguration= “wsHttpBinding+Windows” to wcf binding=“wsHttpBinding” bindingConfiguration= “wsHttpBinding+HTTPS”
  5. Change rest binding=“webHttpBinding” bindingConfiguration= “webHttpBinding+Windows” to rest binding=“webHttpBinding” bindingConfiguration= “webHttpBinding+Windows+HTTPS”
  6. Change excluded all=”true” to excluded all=”false”

As usual changes made to this config file will be picked up with K2 service restart, but it is bettor to done additional configuration task before restarting it.

  1. Configure the URL Access Control List so that the service account can use the https url by issuing following command:

  1. Next you need configure the SSL for the port by issuing the following command:

Here some comments may be necessary. For certhash value you have specify value of CertificateThumbrint property of a certificate which is being used for HTTPS binding of your K2 site:

IIS Bindings View Certificate Properties 01

IIS Bindings View Certificate Properties 02

You need to copy Thumbprint value from certificate properties and specify it as a value of certhash property of aforementioned command (no spaces). As for appid property you may use GUID suggested in K2 help article {4dc3e181-e14b-4a21-b022-59fc669b0914} though according to some sources random GUID can be specified (you can use any valid GUID, as it is only used to allow you to identify the binding later).

So in the end command should look similar to this:

There is an alternative way to get your K2 site SSL certificate thumbrpint with use of PowerShell:

  1. Once all that has been done you can restart K2 service and validate the results by accessing the following url (adjust URL accordingly):

If you see a page similar to one on the screenshot below then you successfully configured HTTPS for K2 SmartObject Services.

HTTPS endpoints.xml

Further reading/additional details: How to: Use basicHttpBinding with Windows Authentication and TransportCredentialOnly in WCF from Windows Forms

Facebooktwittergoogle_plusredditpinterestlinkedinmail

2 thoughts on “Configuring HTTPS for K2 SmartObject Services

  1. Elvin

    Do you need to create a binding for port :8443 in IIS? I’m getting an error ERR_CONNECTION_REFUSED.Any tips would be appreciated!

    Reply
    1. Mikhail Post author

      In this case no need – all steps you need to do covered in this blog post, rather you have to watch out that other site/binding not keeps this port busy or something like this (firewall etc.).

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *