Like other WebCC options, configuring WebCC to use SSL is done by using command line parameters when launching WebCC. To use WebCC with SSL, you must specify the -https parameter followed by the port WebCC should use for https connections, the certificate and key file.
The following are examples of parameters to use for configuring WebCC to use SSL:
If you have a PEM certificate and key file:
-https 8443 -key <path to PEM key file> -cert <path to PEM certificate>
If you have a PEM certificate and its private key in the same file, specify the same file using both the -key and -cert parameters:
-https 8443 -key <path to PEM certificate> -cert <path to PEM certificate>
If you have a PFX certificate, simply specify its path with the -pfx parameter:
-https 8443 -pfx <path to PFX certificate>
If you want to allow users to connect to your server via either http or https, you can do so by specifying a port number for each protocol:
-http 8080 -https 8443 -key <path to key file> -cert <path to certificate>
If you have a root certificate, an intermediate certificate, or both, you can specify each file preceded by the -ca parameter, in any order:
-http 8443 -key <path to key file> -cert <path to certificate> -ca <path to intermediate certificate 1> -ca <path to intermediate certificate 2> -ca <path to root certificate>
- Open the Start menu and, in the Programs menu, select Harmony 16.0 Premium > Tools > Control Panel.
- When prompted, allow Control Panel to make changes to your device.
In the Process Starter drop-down, select HarmonyStarter0-webcc.bat.NOTEThe number after HarmonyStarter may be different, depending on how many Harmony services were installed before this one.
- Click on Stop.
- Click on the Command Line field and press the End key to move the text cursor after webcc.bat.
After webcc.bat, add a space, then type each parameter you want to add, separated by spaces. For example, if you want WebCC to use the port number 8081, you would edit the line like so:
C:\Program Files (x86)\Toon Boom Animation\Toon Boom Harmony 16.0 Premium\win64\bin\webcc.bat -port 8081NOTEFor a list of parameters and their usage, see HTTPS/SSL Parameters Table.
- Click on Update parameters to save the command line parameters.
- Click on Start to restart WebCC.
- Make sure you are currently signed in as the user running the service.
In the notification tray, click on the Service Launcher icon.
The Service Launcher application opens.
- Select the WebCC tab.
- If you want to let any user connect to WebCC without credentials and have administrative privileges, uncheck the Authentication option. Otherwise, make sure it is checked.
- If you want to change the port used by the WebCC server, type the desired port number in the Port field.
If you want to specify any other option, type them in the Other Parameters field, separated by spaces.NOTEFor a list of parameters and their usage, see HTTPS/SSL Parameters Table.
In the top menu, select Server > Save All Settings.
- Click on the Stop button.
- Click on the Launch button.
The following parameters can be used to enable and configure SSL for your WebCC server.
-https <port number>
Enables connection to the server through the https protocol using the specified port number.
A commonly used port for accessing WebCC through the https protocol is 8443. For web browsers to access WebCC via https without specifying the port number—provided that the address of the server is preceded by https://—you can use port 443.
For https to work, you must either specify a pair of PEM format key and certificate with the -key and -cert option, or a PFX format certificate with the -pfx option.
-http <port number>
If access through the https protocol is enabled, this parameter allows you to also allow access through the http protocol through the specified port.
Using this parameter is optional. If the -https parameter is specified, but not the -http parameter, WebCC will only accept connections through https.
The default port for accessing WebCC through the http protocol is 8080. For browsers to access WebCC via http without specifying the port number, you can use port 80.
-key <key file>
The location of the private key file for the SSL session. This must be specified along with the -cert parameter.
The private key must be in Privacy Enhanced Mail (PEM) format, which is an ASCII format where the key is encoded in Base64 and located between -----BEGIN PRVATE KEY----- and -----END PRIVATE KEY----- tags. Typically private keys in this format have a .key extension.
-cert <certificate file>
The location of the security certificate file for the SSL session. This must be specified along with the -key parameter.
The certificate must be in Privacy Enhanced Mail (PEM) format, which is an ASCII format where the certificate is encoded in Base64 and located between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags. Typically, such certificates have a .crt, .cer or .pem extension.
-pfx <pfx certificate file>
If you have a Personal Information Exchange (PFX) certificate, you can use this parameter to specify its location, instead of using a PEM certificate and key. Typically, such certificates have a .pfx or .p12 extension. Since these certificates include their own private key, specifying a key with this certificate type is not required.
-ca <root ca certificate file>
If you have a domain certificate that is signed by a certificate authority (CA), this parameter allows you to specify the root CA certificate and/or its intermediate certificates.
If you want to specify several certificates so as to compose the chain going from your domain certificate to the root CA certificate, you can repeat the parameter, like so:
-ca <intermediate certificate 1> -ca <intermediate certificate 2> -ca <root CA certificate>
Typically, you will be able to log on to WebCC using SSL from a Web browser even if WebCC is only configured with your domain certificate, provided that it is signed by a reputable certificate authority. However, if you want project collaborators to be able to use the Download Database Changes and Update Database Scene functionalities in Harmony via SSL, it may be necessary to specify the root CA certificates and/or its intermediates, as Harmony may not otherwise be able to recognize the authority of the CA who signed your certificate.
Typically, you can obtain the root CA certificates or intermediate certificates from the root certificate authority of the certificate authority who signed your domain certificate.
NOTEIf necessary, you can allow Harmony to trust the WebCC server even if it has a self-signed certificate—see Disabling SSL Certificate Validation for WebCC in Harmony.