Secure communications with Ranger Remote
RangerRemote involves inter-process communication between a Ranger host
application (Ranger Remote server) and a Ranger client running in a
browser. The most commonly used method of portable inter-process
communication with a browser is a websocket (WS) connection.
A websocket connection can be secure or insecure. A websocket secure (WSS) connection uses SSL certificates to secure data transmitted on the socket. WSS requires a SSL certificate at each end of the socket communications; a server certificate for the server, and a root certificate of authority (CA) for the browser.
In a typical installation, where Ranger Remote client and server are both installed on the same workstation, the workstation's local loopback address (127.0.0.1) is used for the WS/WSS.
A websocket connection can be secure or insecure. A websocket secure (WSS) connection uses SSL certificates to secure data transmitted on the socket. WSS requires a SSL certificate at each end of the socket communications; a server certificate for the server, and a root certificate of authority (CA) for the browser.
In a typical installation, where Ranger Remote client and server are both installed on the same workstation, the workstation's local loopback address (127.0.0.1) is used for the WS/WSS.
Server Side Certificate and WSS
To
setup Ranger Remote to use WSS, RangerRemote Server's configuration
file (RangerServerConfig.ini) will need to be modified to specify the
chosen secure port, typically 9003s, and the path to the server
certificate.
Default Windows install ini location:
C:/ProgramData/Silver Bullet Technology/Ranger/Ranger Remote/RangerServerConfig.ini
Default Mac install ini location:
/Library/RangerRemote/RangerServerConfig.ini
To setup Ranger Remote for WSS:
- Stop the Windows service or Mac daemon.
- Edit RangerServerConfig.ini
- In RangerServer.ini change value in section [Server Connection] of
windows key ListeningPorts=9003s (or other desired port, appended with a
lower case. The client side (browser) will now need to point to this
same port when attempting to connect.
- In RangerServerConfig.ini, change value in section [Server Connection] of key
- WIN: SslCertificatePath = C:\Program Files (x86)\Silver Bullet
Technology\Ranger\Ranger Remote\Certificates\server.pem (or different
path to server certificate file)
- MAC: SslCertificatePath = /Library/RangerRemote/server.pem (or different path to server certificate file)
- Save RangerServerConfig.ini
- Restart Windows service or Mac Daemon.
Client Side/Web Browser Certificate Setup
Windows:
- Use Windows command prompt by typing command in the Windows Start menu
search field. Right click Command Prompt in the resultant list and
choose "Run as administrator."
- Use certutil in the command prompt
certutil.exe -addstore -f "Root" "[path][CA certificate name.pem]"
example: certutil.exe -addstore -f "Root" "c:\rootCA.pem"
example: certutil.exe -addstore -f "Root" "c:\rootCA.pem"
OSX:
- Open the Applications folder by either holding the command+shift+A keys
or selecting from the top finder menu Go->Applications.
- Navigate to the Utilities folder and select Keychain Access app.
- Open Keychain Access app.
- Ensure Category->Certificates is highlighted in the bottom left column.
- Ensure Keychains->login is highlighted in the top left column.
- Drag the client side certificate into the main window.
- Right click the newly added certificate from the main Window and select Get Info.
- Click the trust turnout and set Always Trust to SSL.
Ranger® - The universal check scanner interface
Copyright © 2023 Silver Bullet Technology
www.sbullet.com
www.sbullet.com
Related Articles
What is Ranger Remote?
Ranger® Remote is Silver Bullet's cross-platform/cross-browser solution for the Ranger Universal Check Scanner API™ family. Ranger Remote is a powerful tool, available on both Windows and MAC OS platforms, allowing browser-based applications to ...Why can't FireFox connect to Ranger Remote using WebSocket Secure?
If Ranger Remote is set to connect using WSS, Firefox will fail if the SSL Certificates (installed during Ranger Remote installation) are not installed properly within Firefox. Firefox does not use the Microsoft Cert Store like Edge, I.E., or Chrome. ...How can I install Ranger Remote using the Command Prompt?
You have the option of installing Ranger Remote through the Command Prompt with the following options: To install silently, use the option "/S" To install with WebSocket Secure (WSS) enabled, use the option "/WSS" To install with auto-start on PC ...Is there API documentation available for Ranger Remote?
Ranger Remote is an interfacing tool to allow web-based applications to communicate with Ranger. All Ranger API calls made available by Ranger Remote can be referenced in the provided Ranger.js file. When Ranger Remote is installed, the Ranger.js ...How do I properly unlock Ranger when using Ranger Remote?
In most cases, Ranger should be unlocked before installation of Ranger Remote: Install Ranger by running the Ranger installer Unlock Ranger using RangerFlex. Reference the following link for unlocking Ranger: How do I unlock my Ranger software? ...