71.25. How to activate the HTTP server

Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

a res:http

or

s act res:http

Add the HTTP resource.

or

If the resource already exists, set it active.

s p http act:yesEnable the HTTP runtime functionalities.
 Repeat the following commands for each user that you want to enable to HTTP.
a user:httpuser pwd:httpuser http:yesAdd the user httpuser and enable it to HTTP.
a http rights path:/sys/trfa/ user:httpuserEnable the httpuser to access the “IP traffic analyzer” link.
a http rights path:/sys/opc/ user:httpuserEnable the httpuser to access the “Operator Panel Control” link.
a http rights path:/sys/sms/ user:httpuserEnable the httpuser to access the “SMS Gateway” link.
a http rights path:/sys/cp/ user:httpuserEnable the httpuser to access the “Control Port” link.
a http rights path:/sys/admin/ user:httpuser recur:noEnable the httpuser to access the “Configuration information” link.
a http rights path:/sys/admin/groups/ user:httpuserEnable the httpuser to access the “Groups administration” link.
a http rights path:/sys/advuser/ user:httpuserEnable the httpuser to access the “Advanced User activities” link.
a http rights path:/sys/admin/users/ user:httpuserEnable the httpuser to access the “Users administration” link.
a http rights path:/sys/admin/lists/ user:httpuserEnable the httpuser to access the “Lists administration” link.
a http rights path:/sys/admin/disa/ user:httpuserEnable the httpuser to access the “DISA administration” link.
save confSave the configuration.

On a working Abilis, a system restart is required to make the HTTP resource running.

71.25.1. How to activate the HTTP over SSL server

Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

 Activate the HTTP server.
a res:ssl

or

s act res:ssl

Add the SSL resource.

or

If the resource already exists, set it active.

s p ssl act:yesEnable the SSL runtime functionalities.
s p http act-s:yesEnable the HTTPS runtime functionalities.
s p http sesnum-s:12Configure the number of HTTPS sessions
save confSave the configuration.

On a working Abilis, a system restart is required to make the SSL resource running.

[Note]Note

Verify that the SSL protocol is enabled in the Users and HTTP Virtual Paths Access Rights tables.

[17:53:34] ABILIS_CPX:d user:httpuser

Parameter:     | Value:
---------------+---------------------------------------------------------------
USER:               httpuser
ALIAS:              httpuser
ID:                 4    <Read Only>
PWD:                *******
ACT:                YES
GROUP:
CTIP:               #
CLUS:               #
OPC-ROLE:           USER
OPC-VIEW:           *
OPC-MONITOR:        NONE
HTTP:               YES
HTTP-HOME-URL:
HTTP-PROT:          PLAIN,SSL
-------------------------------------------------------------------------------

[15:12:54] ABILIS_CPX:d http rights

-------------------------------------------------------------------------------
ID: PATH:
       USER:                            FILE: DIR:  RECUR: PROT:
------------------------------------------------------------------------------
  3 /sys/opc/
       httpuser                         r---  l---  YES    PLAIN,SSL
-------------------------------------------------------------------------------
...

71.25.2. How to set the HTTP over SSL server to run using a 2048 bit SSL Public Certificate

  1. From Linux command line:

    test@test-PC:~$ openssl genrsa -des3 -out SRVSSL.KEY 2048
    Generating RSA private key, 2048 bit long modulus
    .......................................................+++
    ...........+++
    e is 65537 (0x10001)
    Enter pass phrase for SRVSSL.KEY:pwdssl
    Verifying - Enter pass phrase for SRVSSL.KEY:pwdssl
    test@test-PC:~$ openssl req -new -key SRVSSL.KEY -out SRVSSL.CSR
    Enter pass phrase for SRVSSL.KEY:pwdssl
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:IT
    State or Province Name (full name) [Some-State]:Roma
    Locality Name (eg, city) []:Roma
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: Internet Widgits Pty Ltd
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:test.ddns.net
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    test@test-PC:~$
  2. Go to https://www.sslforfree.com/ and type domain name in the field (e.g test.ddns.net), hit Create Free SSL Certificate and select Manual Verification, download the file, and copy the content of the downloaded file to Abilis CPX, as shown bellow:

    [08:07:38] ABILIS_CPX:sys create c:\8-4-3\pub\.well-known\acme-challenge\ 
    
    COMMAND EXECUTED
    
    [08:09:16] ABILIS_CPX:file put z c:\8-4-3\pub\.well-known\acme-challenge\smCR5g8JoyTIY8W5aHsnGd15FFgmn3i-75Abz5AtSY4
  3. Create permissions for HTTP to this folder:

    [08:12:10] ABILIS_CPX:a http path:/.well-known/ phys-path:"c:\8-4-3\pub\.well-known\"
    
    COMMAND EXECUTED
    
    [08:12:22] ABILIS_CPX:a http rights path:/.well-known/ user:anonymous
    
    COMMAND EXECUTED
  4. Go to https://www.sslforfree.com/ mark check box: I Have My Own CSR and insert the content of the SRVSSL.CSR (generated from Linux Command line) proceed to certificate generated by clicking Download SSL Certificate.

  5. Download All SSL Certificate Files. There a 3 file private.key (empty), certificate.crt and ca-bundle.crt.

  6. Create an srvssl.cer file with content of the certificate.crt and ca-bundle.crt (copy and paste).

  7. Coppy files SRVSSL.CER and SRVSSL.KEY (generated on Linux PC) to C:\APP\SSL directory on Abilis CPX.

    [08:20:59] ABILIS_CPX:file put z c:\app\ssl\srvssl.cer
    
    [08:21:55] ABILIS_CPX:file put z c:\app\ssl\srvssl.key

    and show to ssl resource path to this certificate:

    [08:18:15] ABILIS_CPX:s p res:ssl cert-path:c:\app\ssl\
    
    COMMAND EXECUTED
    
    [08:23:03] ABILIS_CPX:s p res:ssl PWDKEY-SRV:pwdssl
    
    COMMAND EXECUTED
    
    [08:23:21] ABILIS_CPX:init res:ssl
    
    COMMAND EXECUTED

71.25.3. How to set the HTTP over SSL server to run using a 4096 bit SSL Public Certificate

  1. Go to https://www.sslforfree.com/ and type domain name in the field (e.g test.ddns.net), hit Create Free SSL Certificate and select Manual Verification, download the file, and copy the content of the downloaded file to Abilis CPX, as shown bellow:

    [08:07:38] ABILIS_CPX:sys create c:\8-4-5\pub\.well-known\acme-challenge\ 
    
    COMMAND EXECUTED
    
    [08:09:16] ABILIS_CPX:file put z c:\8-4-5\pub\.well-known\acme-challenge\hH0JybhuaLSe7kWSGw6X7i2qJ0J33kkgv0PUKlq9OL8
  2. Create permissions for HTTP to this folder:

    [08:12:10] ABILIS_CPX:a http path:/.well-known/ phys-path:"c:\8-4-5\pub\.well-known\"
    
    COMMAND EXECUTED
    
    [08:12:22] ABILIS_CPX:a http rights path:/.well-known/ user:anonymous
    
    COMMAND EXECUTED
  3. Go to https://www.sslforfree.com/ . Proceed to certificate generated by clicking Download SSL Certificate.

  4. Download All SSL Certificate Files. There a 3 file private.key (empty), certificate.crt and ca-bundle.crt.

  5. Create an srvssl.cer file with content of the certificate.crt and ca-bundle.crt (copy and paste).

  6. From Linux command line:

    test@test-PC:~$ openssl rsa -des3 -in PRIVATE.KEY -out SRVSSL.KEY
    writing RSA key
    
    Enter PEM pass phrase: pwdssl
    
    Verifying - Enter PEM pass phrase: pwdssl
    test@test-PC:~$
  7. Coppy files SRVSSL.CER and SRVSSL.KEY to C:\APP\SSL directory on Abilis CPX.

    [08:20:59] ABILIS_CPX:file put z c:\app\ssl\srvssl.cer
    
    [08:21:55] ABILIS_CPX:file put z c:\app\ssl\srvssl.key

    and show to ssl resource path to this certificate:

    [08:18:15] ABILIS_CPX:s p res:ssl cert-path:c:\app\ssl\
    
    COMMAND EXECUTED
    
    [08:23:03] ABILIS_CPX:s p res:ssl PWDKEY-SRV:pwdssl
    
    COMMAND EXECUTED
    
    [08:23:21] ABILIS_CPX:init res:ssl
    
    COMMAND EXECUTED

71.25.4. How to set the HTTP over SSL server to run using a Self-Signed Certificate

  1. From Linux command line:

    test@test-PC:~$ openssl genrsa -out CLISSL.KEY 1024
    
    test@test-PC:~$ openssl req -new -key CLISSL.KEY -out CLISSL.CSR
    
    test@test-PC:~$ openssl x509 -req -days 5000 -in CLISSL.CSR -signkey CLISSL.KEY -out CLISSL.CER
    
    test@test-PC:~$ openssl genrsa -des3 -out SRVSSL.KEY 1024
    
    test@test-PC:~$ openssl req -new -key SRVSSL.KEY -out SRVSSL.CSR
    
    test@test-PC:~$ openssl x509 -req -days 5000 -in SRVSSL.CSR -signkey SRVSSL.KEY -out SRVSSL.CER
  2. Copy to Abilis CPX all 4 files generated in Linux command line:

    [09:23:20] ABILIS_CPX:file put z c:\app\ssl\srvssl.cer
    
    [09:24:29] ABILIS_CPX:file put z c:\app\ssl\srvssl.key
    
    [09:25:37] ABILIS_CPX:file put z c:\app\ssl\clissl.key
    
    [09:26:42] ABILIS_CPX:file put z c:\app\ssl\clissl.cer
    
    [09:27:43] ABILIS_CPX:s p res:ssl cert-path:c:\app\ssl\
    
    COMMAND EXECUTED
    
    [09:28:37] ABILIS_CPX:s p ssl PWDKEY-SRV:pwdssl
    
    COMMAND EXECUTED
    
    [09:29:19] ABILIS_CPX:init res:ssl
    
    COMMAND EXECUTED

71.25.5. How to change the default Abilis company logo

If you place a gif image in the directory C:\APP\HTTP\LOGO, it will replace the default Abilis company logo.

[Important]Important

The image must have name company_logo.gif. The image is shown 250x350 px.

Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

file put z c:\app\http\logo\company_logo.gifUpload the file with the file put command (Using the ZMODEM protocol).
[Tip]Tip

The image can be loaded, using also the FTP.