Set up HTTPS communication with the Remote Execution Service

Tosca Continuous Integration supports HTTPS communication between the Remote Execution Service and the Tosca Continuous Integration Client (Tosca CI Client).

To enable HTTPS communication, follow the steps below:

  1. Navigate to the system.serviceModel section of the ToscaCIRemoteExecutionService.exe.config file. This file is located at %COMMANDER_HOME%\ToscaCI.

  2. Modify the baseAddress according to the following format: https://<server address>:<port>/ToscaRemoteExecutionService/.

    • Replace <port> with the port you want to use for HTTPS communication.

    • Replace <server address> with the IP address of your machine.

  3. Change the security mode from None to Transport.

  4. Make sure that serviceMetadata httpGetEnabled is set to true.

The example below shows sample modifications in the ToscaCIRemoteExecutionService.exe.config file:

<system.serviceModel>  
    <services>
        [...]
                <baseAddresses>
                    <add baseAddress="https://100.100.100.100:1234/TOSCARemoteExecutionService/" />
                </baseAddresses>
            [...]
    <basicHttpBinding>
        <binding name="BasicHttpBinding" receiveTimeout="infinite" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
            <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"  maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
            <security mode="Transport"/>
        [...]
            <serviceMetadata httpGetEnabled="true" policyVersion="Policy15" />
            [...]
</system.serviceModel>

  5. On the machine that runs the Remote Execution Service, bind a valid SSL certificate to the port you have specified in step 2.

    Use netsh in the command line: netsh http add sslcert ipport=0.0.0.0:<port> certhash=<certificatehash> appid={<guid>}

    • Replace <port> with the port you have specified in step 2.

    • Replace <certificatehash> with the hash of your valid SSL certificate.

    • You can use any valid Globally Unique Identifier (GUID) for the <guid> parameter.

    For further details, see the Microsoft Developer Network Documentation.
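
The checks and the binding from the steps above, combined into one PowerShell script. This is an added example, not Tricentis code; it assumes an elevated session, a certificate installed in the LocalMachine\My store, and that the placeholder $Thumbprint is replaced with that certificate's hash. Elements are located by XPath because the sample above elides their parent elements.

```powershell
# Added example, not Tricentis code. Run in an elevated PowerShell session.
# Assumption: the certificate is installed in the LocalMachine\My store.
$Thumbprint = '<certificatehash>'   # placeholder: hash of your SSL certificate

$configPath = Join-Path $env:COMMANDER_HOME 'ToscaCI\ToscaCIRemoteExecutionService.exe.config'
[xml]$config = Get-Content -Path $configPath -Raw

# Step 2: read the port from the https baseAddress so the config and the
# certificate binding always refer to the same port.
$https = @($config.SelectNodes('//baseAddresses/add') |
    ForEach-Object { [uri]$_.GetAttribute('baseAddress') } |
    Where-Object { $_.Scheme -eq 'https' })
if ($https.Count -eq 0) { throw "No https baseAddress in $configPath" }
$port = $https[0].Port

# Step 3: the binding must use Transport security.
$modes = @($config.SelectNodes('//basicHttpBinding/binding/security') |
    ForEach-Object { $_.GetAttribute('mode') })
if ($modes -notcontains 'Transport') { throw 'security mode is not set to Transport' }

# Before binding: the certificate must exist, have a private key and be unexpired.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# Step 5: bind the certificate. The arguments are quoted because PowerShell
# would otherwise parse the braces around the GUID as a script block.
$appId = [guid]::NewGuid().ToString('B')   # 'B' format yields {xxxxxxxx-xxxx-...}
netsh http add sslcert "ipport=0.0.0.0:$port" "certhash=$Thumbprint" "appid=$appId"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed ($LASTEXITCODE)" }

# Show the resulting binding so the hash and port can be confirmed.
netsh http show sslcert "ipport=0.0.0.0:$port"
```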