GSX Gizmo relies on several micro-services and external components; SQL, PostgreSQL, RabbitMQ, IIS (Internet Information Services). As this is all installed on the same machine, network communications between components generally do not need to be encrypted and, by default, are using port 80 over HTTP.
This article describes how to secure both the Gizmo Web UI and communications from the Robots to the Proxy Manager so that no clear text is exposed on the network.
We will use an SSL certificate and enable HTTPS to secure both user traffic accessing the GSX Gizmo UI website and internal traffic between Robots and the Proxy Manager using TLS ciphers to encrypt network communications.
Checking the certificate in IIS On the GSX Gizmo server:
- Open IIS Manager using Run - inetmgr.
- Select your IIS server.
- Go to Server Certificates.
- You should have a certificate with the Gizmo FQDN - gizmo.gsx.local in the examples below - as CN and with a valid path.
Enabling HTTPS on Gizmo site on the GSX Gizmo server:
- From IIS Manager, select your IIS server and Sites folder - GSX Gizmo site.
- Select Bindings link in Action menu.
- Click Add.
- Select https as type.
- Check that the configured port is 443.
Removing GSX Gizmo access via port 80:
- From IIS Manager, select the server certificate in the SSL certificate drop-down list.
- Click OK.
- Select the HTTP binding on port 80.
- Then click Delete.
- Click OK to confirm.
- Restart IIS server to apply the settings.
Updating the GSX Gizmo WebApp Port:
- Open the GSX Gizmo configuration page:
- example: http://localhost:9005
- Scroll down to the Gizmo WebApp section.
- Click the drop-down next to Protocol and select https.
- Change the port to 443.
- Scroll to the end of the page and click Submit to apply the change.
- Confirm the GSX Gizmo web interface responds over HTTPS:
- example: https://gizmo.gsx.local
Changing the Download URL link in Robot User Proxy Manager from the GSX Gizmo server
- Open registry editor via:
- Run - regedit
- Navigate to the HKLM\Software\Wow6432Node\GSX Solutions\Robot Manager Proxy key.
- Replace the existing http entry with https:
- example http://gizmo.gsx.local/downloads to https://gizmo.gsx.local/downloads
- Restart the Proxy Manager Windows Service via:
- Run - services.msc
You can now access the GSX Gizmo Web UI using HTTPS over 443 and the GSX Robots communicate via encrypted traffic over HTTPS.