Page History

...

In order to create a secure HTTPS connector a keystore with a signed SSL Certificate is required. The created keystore needs to be added to the Tomcat server installation that is part of the Servoy Application Server, located in ../application_server/server. It's a best practice to place the keystore in the {servoyInstall}/application_server/server/conf/ directory. Note that the same keystore can be used to encrypt the traffic between Smart Clients and the Servoy Application Server. See #SSL SSL Encryption for more details.

...

Additionally, the value of the port attribute needs to be brought in sync with the value of the redirectPort attribute of the standard HTTP connector (or vise versa), as the redirectPort attribute on the HTTP connector is used to redirect HTTP traffic to HTTPS when required, see #Enforcing Enforcing HTTPS for all traffic. The value for the port can be any value. By default the redirectPort number on the HTTP Connector is set to 8443, but any value, including the default HTTPS port 443 is possible.

...

Two-Way socket mode provides a more robust communication mechanism between Smart Clients and the Servoy Application Server, where only the Smart Client initiates connections to the Application Server over the RMI port. This means that only the Smart Clients need to be able to access the Application Server and that the Application Server does not need to be able to connect to the client machine, like is required when using Direct Connection mode.
However, in case Java WebStart on the client machine is configured to connect through a proxy, Servoy will not be able to instantiate Two-Way socket and thus falls back to the Direct Connection mode, with the restrictions that come with Direct Connection mode. It is possible to configure Java WebStart on each client machine to not use a proxy, but this needs to be done on each individual machine and might conflict with other Java WebStart applications that do require the proxy settings. See #Java Java WebStart Proxy configuration for more info.

Within individual Smart Clients it's possible to turn off Two-Way socket through Preferences. When the user does so, the Smart Client will start to use Direct Connection. The Smart Client will error if the network criteria for Direct Connection mode to work are not met.

Note that disabling Two-way socket mode on the Application Server is pushed to all Smart Client, but when re-enabling Two-way socket on the Application server, this setting is NOT pushed to the Smart Clients. The user needs to manually enable TwoWay socket under Preferences in the Smart Client again.   

...

¹: SSL can also be turned off, but for security reasons it is advised to have SSL Encryption turned on when possible.See #SSL SSL Encryption for additional settings.

²: The Tunnel supports 2 modes, http and socket. These modes can either be used exclusively, by selecting either http or socket or the tunnel can be configured to allow both modes simultaneously, by selecting http&socket. When the latter is selected, #Profiles Profiles can be used to provide a way to Smart Clients to connect using either of the two modes.

...

The created keystore needs to be added to the Servoy Application Server installation. Best practice is to place the keystore in the ../application_server/server/conf directory. In this location the keystore is then also available to the Tomcat server underlying the Servoy Application Server and thus the same certificate can also be used for serving HTTPS content (see #Enabling Enabling HTTPS).

After making the keystore available to the Servoy Application Server, the Servoy Application Server needs to be told where the keystore can be found and configured to use it. The relevant settings are exposed under the Network Settings on the Servoy Admin page:

...

...