Configuring the POS Secure Connection (HTTPS)

The POS can be configured to allow a secure connection (HTTPS) with the Web, EOM, and ETS Servers. For more information, refer to Configuring a Secure Connection (HTTPS) when Using DSR Security.

Note

Ensure that the Use Https checkboxes were selected and the correct SSL ports were used. For more information, refer to Connecting the In-Store Server to the Enterprise.

To configure a secure connection between the POS and Enterprise servers, follow these steps:

  1. Copy and import the Web Server SSL certificate to the POS.
  2. Add the SSL certificate as trusted in Microsoft Management Console (MMC).

Securing In-Store Communications

In-Store Communications are secured by importing a trusted certificate on each machine in the store, binding the certificate using Network Shell (Netsh), and configuring the Responsive UI Manager.

Note

One certificate is required per store because the DNS name may be different for each In-Store Server.

Prerequisites

  • The POS should be configured for TLS 1.2.
  • Ensure that the Use Secure Content Transfer Protocol (HTTPS) checkbox was selected when running the NCR Advanced Store POS Custom Input Creator. For more information, refer to Connecting the In-Store Server to the Enterprise.
  • Make sure that the current user is Administrator.

This task uses the following file.

File name: UIManager.Config.xml

Location:
  • For a system with a 32-bit OS: %PROGRAMFILES%\NCR\AdvancedStore\POS\HtmlPsxClient\config
  • For a system with a 64-bit OS: %PROGRAMFILES(X86)%\NCR\AdvancedStore\POS\HtmlPsxClient\config

To secure in-store communication, follow these steps: 

  1. Obtain a valid SSL certificate from your certification authority.
  2. Import the certificate to the Personal Store for the Local Computer using the Microsoft Management Console (MMC) snap-in, following Microsoft instructions. In the Certificates snap-in window, select Computer account.
  3. Add the certificate to the Trusted Root Certification Authority Store for the Current User using the MMC snap-in. In the Certificates snap-in window, select My User account.
  4. Retrieve the certificate thumbprint, following Microsoft’s instructions. Make a note of the hexadecimal characters without spaces.
    Example

    The thumbprint "a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b" is written as "a909502dd82ae41433e6f83886b00d4277a32a7b" when used in the binding.

  5. To bind the certificate, open a Command Prompt window as Administrator.
  6. At the command prompt, enter the following commands:
    1. netsh http delete sslcert ipport=0.0.0.0:5150
    2. netsh http delete urlacl url=http://*:18080/ASPOS/
    3. netsh http add sslcert ipport=0.0.0.0:18080 certhash=certhashvalue appid={34b6a5b8-7730-46cc-852c-ba3413673e15}, where certhashvalue is the certificate thumbprint.
    4. netsh http add sslcert ipport=0.0.0.0:5150 certhash=certhashvalue appid={CDBD4D40-8D89-4394-999F-2018F2A4F7B8}, where certhashvalue is the certificate thumbprint.

    If the POS application is not running as an administrator user, also run the following command:

    1. netsh http add urlacl url=https://*:5150/ user={domain}\{user}
  7. Open the UIManager.Config.xml file.
  8. Locate the Config element for the WebSocketUrl and replace “ws” with “wss” in the value, as follows:

    <Config name="WebSocketUrl" value="wss://localhost:5150/"/>
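
A pre-flight and post-check for steps 4 to 6, as an added PowerShell example that is not part of the NCR documentation: it normalizes the thumbprint, confirms that the certificate in the Local Computer Personal store is usable, and compares the HTTP.sys bindings on ports 18080 and 5150 against it. The function names are hypothetical, and the thumbprint is the sample value from step 4, to be replaced with your own.

```powershell
# Added example (not NCR code). Run in an elevated PowerShell session.

function ConvertTo-CertHash {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Drop spaces and every other non-hex character, including the invisible
    # Unicode mark that can come along when copying from the MMC dialog.
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($hash.Length)."
    }
    return $hash
}

function Test-BindingCertificate {
    param([Parameter(Mandatory)][string]$CertHash)
    # Step 2 places the certificate in the Local Computer Personal store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $CertHash }   # -eq ignores case
    if (-not $cert) { throw "No certificate $CertHash in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; the binding needs it." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
    return $cert
}

# Sample thumbprint from step 4, as copied with spaces. Replace with your own.
$certHash = ConvertTo-CertHash 'a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b'
$cert = Test-BindingCertificate -CertHash $certHash
"Certificate {0} is valid until {1:yyyy-MM-dd}" -f $cert.Subject, $cert.NotAfter
"Use certhash=$certHash in the netsh commands of step 6."

# After step 6: confirm that both ports are bound to this certificate.
foreach ($ipport in '0.0.0.0:18080', '0.0.0.0:5150') {
    $out = netsh http show sslcert ipport=$ipport | Out-String
    if ($out -match [regex]::Escape($certHash)) {
        "OK       $ipport is bound to $certHash"
    } else {
        "MISMATCH $ipport is not bound to $certHash"
        $out   # show what netsh reported for this port
    }
}
```

If the step 6 commands are typed into PowerShell instead of the Command Prompt, quote the appid value (for example appid='{...}'), because PowerShell otherwise parses the braces as a script block.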