How to Configure WSI to use HTTPS

 

 

 

Prerequisites

These directions only work with, and are only supported by HIMSA for, Noah System 4.14 and newer.

  • The HIMSA member company providing the WSI-enabled business system is responsible for obtaining, installing, and configuring SSL certificates. This is not a feature provided by HIMSA.

  • HIMSA assumes that the HIMSA member company has technical experience with SSL certificates. HIMSA will not be able to provide support with SSL certificates. However, the below “HIMSA Test Set-Up” provides information on how HIMSA sets up the sample BES in a local area network in order to test secure communications.

  • If the Business System wishes to receive encrypted data from Noah, then it must install an SSL certificate on the devices that the Business System resides on.

  • Ensuring that proper DNS names are set up within the network is the responsibility of the Business System developer.

  • If the Business System wishes to send encrypted data to Noah then it must install an SSL certificate on the PC that the Noah Server resides on.

    • Noah Client workstations exchange data with the Noah Server and this exchange is encrypted by a process that HIMSA is in charge of.


Noah System 4 Server Configuration

Prerequisites port 8000

  • The SSL Certificate must be installed

Bind the SSL certificate to port 8000. See Appendix A for more details.

netsh http add sslcert ipport=0.0.0.0:<port> certhash=<your certificate thumbprint> appid=<Your app id>

Example:

netsh http add sslcert ipport=0.0.0.0:8000 certhash=f343cd172f6a250047cd26bdf0ffc4eac52ae3dc appid={cb66b486-c664-4219-bc74-491664b6f084}

To confirm the binding, run:

netsh http show sslcert ipport=0.0.0.0:8000
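A scripted version of the binding step, as an added example that is not HIMSA's own tooling: it checks the certificate before binding and then confirms the result. It assumes an elevated PowerShell session on the Noah Server PC and a certificate in the local machine Personal store; the thumbprint and host name are the page's example values, and the variable names are illustrative.

```powershell
# Added example: pre-flight checks, bind, confirm. Run elevated on the Noah Server PC.
$Port       = 8000
$DnsName    = 'TN3.localnoah.net'                          # host used in baseAddress (page's example)
$Thumbprint = 'f343cd172f6a250047cd26bdf0ffc4eac52ae3dc'   # page's example value

# A thumbprint copied from the certificate dialog can carry spaces or an
# invisible leading character; keep only the hex digits.
$Hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($Hash.Length -ne 40) { throw "Thumbprint must be 40 hex digits, got $($Hash.Length)." }

# netsh looks the certificate up in the local machine store (MY by default).
$Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Hash }
if (-not $Cert) { throw "No certificate with thumbprint $Hash in LocalMachine\My." }
if (-not $Cert.HasPrivateKey) { throw 'Certificate has no private key on this machine.' }
if ($Cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($Cert.NotAfter)." }

# The names in the certificate must cover the host name that clients will use.
# -like treats a wildcard entry (*.domain) as a pattern; this is slightly
# looser than TLS matching because * also matches across dots.
$Names = $Cert.DnsNameList | ForEach-Object { $_.Unicode }
if (-not ($Names | Where-Object { $DnsName -like $_ })) {
    throw "Certificate names ($($Names -join ', ')) do not cover $DnsName."
}

# Any GUID works as appid; format 'B' adds the surrounding braces.
$AppId = [guid]::NewGuid().ToString('B')
netsh http add sslcert "ipport=0.0.0.0:$Port" "certhash=$Hash" "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE." }

# Confirm that the binding now shows the expected hash (-match ignores case).
$Shown = netsh http show sslcert "ipport=0.0.0.0:$Port"
if (-not ($Shown -match $Hash)) { throw "Binding on port $Port does not show $Hash." }
"Bound $Hash to 0.0.0.0:$Port with appid $AppId"
```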

 

Steps for Setting Up Noah WSI:

1.) Install Noah System 4.14.

2.) License Noah System. Both Noah license and WSI license must be installed on the Noah Server.

3.) Run the WSI Installer.

https://www.himsa.com/members-2/web-service-integration-website/

4.) Do not reboot at this time. You will have to reboot after the next section.

5.) Set WSI to use the configuration file.

*NOTE: It is not possible to set the “UseConfigurationFile” to true during the WSI installation. These steps must be done through the NoahBSIntegServerTool.

A.) Use NoahBSIntegServerTool.exe to enable direct support for using configuration files when setting up endpoints. The NoahBSIntegServerTool can be found in C:\Program Files (x86)\HIMSA\Noah 4

B.) Select “Window->Configuration->Web Service Settings” and change the “UseConfigFile” to “True.”

C.) Next, still in the NoahBSIntegServerTool, navigate to “Window->Configuration->Patient Record Transfer Settings” and change the “UseConfigFile” to “True.”

When the value is true, all endpoints are read from the configuration file NoahWebIntegration.dll.config; when false, there is no change in behavior.

With the “UseConfigFile” parameter set to “True,” the endpoints will be created using the NoahWebIntegration.dll.config configuration file. This configuration file must then be set up for data both coming into and going out of Noah.

Making this change requires the PC hosting the Noah Server installation to be rebooted.

After you reboot for the configuration file changes and the machine has come back up, launch Noah System. You will be required to reboot again for the WSI installation and settings to take effect in Noah System.

 

 

6.) Edit the NoahWebIntegration.dll.config file.

Manually edit the configuration file C:\ProgramData\HIMSA\Noah\ConfigFiles\NoahWebIntegration.dll.config

  • Line 48

    • <add baseAddress="https://<DNS of Noah Server>:8000/Noahbsintegserver" />

    • Example

    • <add baseAddress="https://TN3.localnoah.net:8000/Noahbsintegserver" />

  • Line 61

    • <add baseAddress="https://<DNS of Noah Server>:8000/Noahbsintegserver" />

    • Example

    • <add baseAddress="https://TN3.localnoah.net:8000/Noahbsintegserver" />

  • Line 71 - Only necessary if the Business System backend section is utilized (next section of this document)

    • <endpoint address="https://<DNS of Member Company back end machine>:8001/NoahBSOtherEnd" binding="basicHttpBinding"

    • Example - Note the member company back end is on the same machine as the Noah Server in this example.

    • <endpoint address="https://tn3.localnoah.net:8001/NoahBSOtherEnd" binding="basicHttpBinding"

 

 

7.) Reboot the PC or restart the NoahServer Service. The setup is complete.

 

How to Test

1.) Use the links below (with the address updated to your situation). If successful, XML text will be displayed. If not successful, try the URL with HTTP only. If a response is received, the connection has not been configured correctly to be secure.

Using a standard web browser, navigate to the following URL

 

2.) Another way to test is to use the HIMSA Sample Backend Simulator (BES). Please see “How to Test” under the NOAHBSPatientRecordTransferIntegServer Endpoint section. The HIMSA Sample BES’s NoahBSOtherEnd.exe.config must be updated for these test steps to work.

Download for HIMSA Sample BES https://www.himsa.com/members-2/web-service-integration-website/
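The browser check from the first test method can also be scripted. The following is an added example, not part of HIMSA's instructions: it confirms that port 8000 completes a validated TLS handshake with the certificate that was bound, and that plain HTTP on the same address gets no response. It assumes Windows PowerShell 5.1 or later and uses the page's example host name and thumbprint; the variable names are illustrative.

```powershell
# Added example: check what the Noah Server endpoint actually serves.
$HostName = 'TN3.localnoah.net'                          # page's example DNS name
$Port     = 8000
$Expected = 'F343CD172F6A250047CD26BDF0FFC4EAC52AE3DC'   # thumbprint bound with netsh

# 1. TLS handshake. AuthenticateAsClient validates the certificate chain and
#    the host name, and throws if either check fails.
$Tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
try {
    $Ssl = [System.Net.Security.SslStream]::new($Tcp.GetStream())
    $Ssl.AuthenticateAsClient($HostName)
    $Served = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Ssl.RemoteCertificate)
    "TLS OK: $($Ssl.SslProtocol), subject $($Served.Subject), expires $($Served.NotAfter)"
    if ($Served.Thumbprint -ne $Expected) {
        Write-Warning "Served certificate $($Served.Thumbprint) is not the one that was bound."
    }
} finally {
    $Tcp.Dispose()
}

# 2. Plain HTTP against the same address must not produce any response.
try {
    $Plain = Invoke-WebRequest "http://${HostName}:$Port/Noahbsintegserver" -UseBasicParsing -TimeoutSec 10
    Write-Warning "HTTP answered with status $($Plain.StatusCode): the endpoint is not secured."
} catch {
    if ($_.Exception.Response) {
        # An HTTP error status is still a response from a plain-text listener.
        Write-Warning 'HTTP returned an error status: a plain-text listener is answering.'
    } else {
        "No plain HTTP response, as expected: $($_.Exception.Message)"
    }
}
```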

 

 

 

Business System Setup (Backend)

Prerequisites port 8001

  • The SSL Certificate must be installed

Bind the SSL certificate to port 8001. See Appendix A for more details.

To confirm the binding, run

 

 

 

Below is the configuration file NoahBSOtherEnd.exe.config that is used by the Noah 4 Business System Integration Backend Simulator that HIMSA provides as part of the WSI SDK.

By default, the configuration file is set up so that HTTP communication is used. If you have requirements for HTTPS then you must:

  • uncomment lines 170-180

  • comment out the HTTP service section (lines 153-163)

  • Depending on your requirements review current DNS names for the following entries:

a.) Line 128

<endpoint address="https://<DNS of Noah Server>:8000/Noahbsintegserver" binding="basicHttpBinding"

Example: <endpoint address="https://tn3.localnoah.net:8000/Noahbsintegserver" binding="basicHttpBinding"

b.) Line 138

<endpoint address="https://<DNS of Noah Server>/NOAHBSPatientRecordTransferIntegServer"

Example: <endpoint address="https://tn3.localnoah.net:8081/NOAHBSPatientRecordTransferIntegServer"

c.) Line 176

<add baseAddress="https://<DNS of Noah Server>:8001/NoahBSOtherEnd"/>

Example: <add baseAddress="https://tn3.localnoah.net:8001/NoahBSOtherEnd"/>

NOAHBSPatientRecordTransferIntegServer Endpoint

 

Not yet Documented

How to Test

Below are test steps on how to verify that WSI was correctly configured to use HTTPS. The test steps will require the HIMSA Sample BES.

*NOTE: The steps above to update the NoahBSOtherEnd.exe.config must have been completed to perform these test steps.

1.) Launch the HIMSA Sample BES with the -C parameter.

a.) An easy way to do this is to create a shortcut for NoahBESOtherEnd.exe and add “ -C” to the end of the target. The -C parameter must be added for the HIMSA Sample BES to run as HTTPS.

Example: I downloaded and extracted the Sample BES zip in my Downloads directory, so the path of the Target with the added “ -C” is below.

2.) Now launch the HIMSA Sample BES by selecting the new shortcut you created with the “ -C” parameter.

3.) Now launch Noah System

4.) In Noah System create a new patient record and save it. Close Noah System.

5.) Switch to the Sample BES. It could take 10 to 20 seconds but the patient record should appear in the Sample BES.

6.) Right Click on the import data entry on the Sample BES. Select “Copy XML to clipboard.”

7.) Open Notepad and paste the XML into Notepad.

8.) Now update the XML. Change the first name and the last name. Change the BESPID.

9.) Copy the updated XML.

10.) On the Sample BES select the “Export 2 Noah” button. Paste in the updated XML and select OK.

11.) Open Noah System.

12.) Verify the new patient record you created in step 8 appears in the Noah Patient List.

13.) Select this new patient so that it is the active patient record in Noah System.

14.) Launch the Noah 4 Audiogram Module, create a new audiogram and save it.

15.) Close Noah System.

16.) Switch to the Sample BES, the “import” of the audiogram data will appear.

17.) Right Click on the import data entry on the Sample BES. Select “Copy XML to clipboard.”

18.) Open Notepad and paste the XML into Notepad.

19.) In the XML find one of the Audiogram curves and update a point or two.

20.) Copy the updated XML.

21.) On the Sample BES select the “Export 2 Noah” button. Paste in the updated XML and select OK.

22.) Open Noah System.

23.) Verify the audiogram you created in the Sample BES appears in your patient record. The Action description will say “Business System.”

24.) Finally open up the Noah 4 Audiogram module on this audiogram action. You will see the updated points you changed in step 19.

 

Another way to test is to use the links below (with the address updated to your situation). If successful then XML text will be displayed.

Appendix A: Binding a Certificate to a Port

It is assumed that the certificate is in the Windows certificate store (search for “mmc certificates import” in order to import a certificate).

 

Double click on the certificate, choose the “Details” tab, choose “show <all>”, scroll to thumbprint. Copy the thumbprint to e.g. the clipboard or a file.

 

 

 

Bind certificate to port:

Example:

The thumbprint is the one copied from the certificate. The AppID is a GUID (online GUID generators are available on the internet). The AppID can be any ID; Noah is not looking for a specific AppID.

Delete certificate port binding:

To show certificate on port:

To show certificates on all ports

 

Show all namespaces

Display Port reservations:

 

Commands that are nice to know when working with port binding (run a command prompt as administrator):