ICA Manual Server Setup
The Patriot Utilities program contains tools to complete this setup automatically. See ICA Installation for more information.
These manual instructions are provided for cases where the utility tools are unavailable or manual setup is required.
The self-signed certificate generation utility below requires Windows 8.1 or newer. Users on older Windows versions will need to obtain a trusted SSL certificate from a 3rd party provider, or generate a self-signed certificate using another tool.
Patriot Server setup
Download ICA_Setup.zip and extract the included files. This includes setup scripts and configuration files for setting up ICA.
Data Service Configuration Changes
In the Patriot Data Service installation directory (typically C:\Program Files (x86)\Patriot Systems\Patriot Data Service\
) there is a configuration file, AppSettings.json
.
Take a backup of this file, then edit the config file using a text editor. You will usually need to run the text editor as administrator.
Add the following settings if they are missing, otherwise set their values:
{
"Api": {
"Port": 53725,
"TokenTimeout": 10,
"TokenIdleTimeout": 10,
"TokenSigningKey": ""
}
}
}
Port
The TCP port which the data service will listen for API requests on. Can be any available TCP Port.
TokenTimeout
The maximum number of hours which a user can be logged in, without being automatically logged out.
TokenIdleTimeout
The maximum number of minutes a user can be idle for, without being automatically logged out. Set to 0 to disable idle logout.
TokenSigningKey
A private key used to generate the login tokens used by the client. To generate a key, run the ICA_Password_Generator.ps1 script and it will output a key in the required format.
From a powershell console, run: Powershell -ExecutionPolicy AllSigned -File ".\ICA_Password_Generator.ps1"
SSL Certificate Configuration
The Patriot Data Service requires an SSL certificate to encrypt communication between the Data Service and the web server. This is a separate certificate than the one between the web server and the end-user customers. Since this is only used internally between the Patriot server and web server, a self-signed certificate can normally be used. A trusted certificate from a 3rd party provider can be used instead, if required.
Use the ICA_Setup.ps1 script to enable the SSL certificate on the data service port. This script should be run on the patriot server. The PortNo value below should match the APIServerPortNo value in the data service configuration file, as above.
Self Signed Certificate
From a powershell console, run Powershell -ExecutionPolicy AllSigned -File ".\ICA_Setup.ps1" -SelfSigned -DnsNames "patriotserver" -PortNo 9005
Update the DNS name and port number as needed. This will generate a self-signed certificate and configure the data service to use it. You will need to copy this certificate onto the web server, and add it to the trusted certificate store.
Existing SSL Certificate
The certificate must be installed on the patriot server, into the personal certificates section of the computer certificate store. View the details of the existing certificate, and copy the thumbprint.
From a powershell console, run Powershell -ExecutionPolicy AllSigned -File ".\ICA_Setup.ps1" -Thumbprint "7d 39 3e d0 66 7a 32 6e 4c bb 68 fc 5c 72 32 88 ff bc 27 d3" -PortNo 9005
Update the thumbprint and port number as needed. This will configure the data service to use the existing certificate.
Removing existing config
Use this if you need to remove an existing SSL certificate configuration.
From a powershell console, run Powershell -ExecutionPolicy AllSigned -File ".\ICA_Setup.ps1" -DeleteExisting -PortNo 9005
Update the port number as needed. This will not remove the certificate, it only removes the system bindings that allow the data service to use the port and certificate.