There's no doubt your company data must be protected by invasion from hackers, ransomware, viruses and other outside threats. As Sage X3 consultants, we run across companies who are not properly set up. You would agree that connecting it to the public internet simply for ease of access is a poor idea. Instead, you should use an SSL (secure socket layer) connection with a certificate from a trusted Certificate Authority to protect the confidentiality and integrity of company data exchanged online.
Many companies use Sage X3 with Syracuse Web Server to access their data over the internet. This setup is great for ease of access to your data with no VPNs or remote desktop services required. However, making the connection open to the public internet exposes your web server and your data to attack. Security is a necessity, as organizations need to keep their data private and secure. There is a better way...
Setting up a SSL (secure socket layer) connection with a certificate from a trusted Certificate Authority protects the confidentiality and integrity of company data exchanged online. SSL is the standard security technology for establishing an encrypted link between a web server and a browser; this encrypted link will ensure that the data exchanged between the user and the web server is transmitted securely and remains private. Any Sage X3 exposed to the public internet should use SSL to secure its connection with the users and protect company data.
Use an SSL tool like OpenSSL to create a certificate request (*.csr file) and a private key (*.key file) on your Syracuse Server.
The installation of the Safe X3 Web Server component will create OpenSSL binaries in the Sage\SafeX3\Web\tools\SOFTS\HTTPD\bin folder. The exact path depends on the path specified during installation of the Web Server component.
• Open a Windows Command Prompt and run the following: set OPENSSL_CONF=C:\Sage\SafeX3\WEB235.2\tool\SOFTS\HTTPD\conf\openssl.cnf
• In the Windows Command Prompt, browse to the bin folder noted previously and run the following: openssl req -out myCompany.csr -new -newkey rsa:2048 -nodes -keyout myCompany.key (myCompany is the name of your company)
• The previous step will create a *.csr and a *.key file. Keep the key file in a secure location, as you’ll need it in the following steps.
• Send the certificate request (*.csr) file to a Certificate Authority of your choice. They’ll generate the certificate file (*.crt) and provide either send the file to you or offer access to download it.
Create the certificate to be used by Sage X3.
• Browse to Administration, Certificates, Certificates, and click +New certificates
• Provide the name used to reference the certificate information.
• Description is optional.
• In the Certificate section, drag/drop the *.crt file received from the certificate authority.
• In the Private Key section, drag/drop the *.key file generated in step 1b. Do not leave this section blank even though it is not marked as required.
• Enter a Passphrase.
• Leave the CA Certificates/Server sections blank unless you know why you’re entering values here.
• Click Save. If clicking Save does nothing, the private key and certificate files may not match. Sage X3 could also be detecting that the files are not valid or in the wrong format.
Configure the Sage X3 host to use SSL and the certificate created in the previous step.
• Have all users exit the system. Any users still logged in will be disconnected from the system during the following steps.
• Browse to Administration, Servers, Hosts, and click the pencil icon. If you have multiple hosts, choose the one marked as Started.
• Check the box for
• In the Server Certificates field, click the browse button and choose the certificate you created in step 3.
• You may leave the Port field unchanged (default is 8124) or change it to the industry standard of 443 for SSL. If the port is changed, your IT professionals will need to configure the network and firewall with the correct routing information for the newly defined port.
Warning: If there is a problem with certificate setup, the certificate files, or the port, you may be locked out of X3 after the Syracuse service restarts in the following step.
To prevent this from happening, you can add another connection and configure it to use another port by clicking on the blue plus symbol instead of modifying the original one. This way, Syracuse will be listening on two ports.
You would only enable SSL for one of these connections and ports. If there is a problem with the SSL configuration, you can fall back on the other connection and port which was not changed.
Click Save.
• You may or may not be prompted to restart the Syracuse service, but restart whether you’re prompted to or not.
• All users must be logged out or they will be forcefully disconnected.
• If the Syracuse service was restarted after responding to the prompt, it may not start automatically and will require you to do it manually.
• If the Syracuse service does not stop/start in a timely manner, use the Task Manager to end all node.exe processes. Once they are ended, you should be able to start the Syracuse service.
Contact us for more information about keep your data secure.
At Southeast Computer Solutions, we help growing businesses clarify their strategic needs every day. If you're trying to decide which solution suits your current and future needs, contact us today for a free consultation.
Southeast Computer Solutions is based in Miami, Florida, and has additional operations in Mexico. For over 30 years, we have positively impacted the success of small and mid-sized businesses with effective business management implementations that improve our clients’ operations. We listen, we are accessible, and we care. Learn more by visiting our website or calling 305-556-4697.
Another version of this blog was posted on Southeast Computers’ BLOG – on May 22, 2017 by Raul Cabarga – How to Use SSL in Sage X3
Photo courtesy of freedigitalphotos.net by Anusorn P nachol