Version: 6.12

ICA Manual Server Setup

note

The Patriot Utilities program contains tools to complete this setup automatically. See ICA Installation for more information.

These manual instructions are provided for cases where the utility tools are unavailable or manual setup is required.

The self-signed certificate generation utility below requires Windows 8.1 or newer. Users on older Windows versions will need to obtain a trusted SSL certificate from a third-party provider, or generate a self-signed certificate using another tool.

Patriot Server setup

Download ICA_Setup.zip and extract the included files. The archive contains the setup scripts and configuration files for setting up ICA.

Data Service Configuration Changes

In the Patriot Data Service installation directory (typically C:\Program Files (x86)\Patriot Systems\Patriot Data Service\) there is a configuration file, AppSettings.json.

Take a backup of this file, then edit the config file using a text editor. You will usually need to run the text editor as administrator.

Add the following settings if they are missing; otherwise, set their values:

{
  "Api": {
    "Port": 53725,
    "TokenTimeout": 10,
    "TokenIdleTimeout": 10,
    "TokenSigningKey": ""
  }
}

Port

The TCP port on which the data service listens for API requests. Can be any available TCP port.

TokenTimeout

The maximum number of hours a user can remain logged in before being automatically logged out.

TokenIdleTimeout

The maximum number of minutes a user can be idle before being automatically logged out. Set to 0 to disable idle logout.

TokenSigningKey

A private key used to generate the login tokens used by the client. To generate a key, run the ICA_Password_Generator.ps1 script and it will output a key in the required format.

From a PowerShell console, run:

Powershell -ExecutionPolicy AllSigned -File ".\ICA_Password_Generator.ps1"

SSL Certificate Configuration

The Patriot Data Service requires an SSL certificate to encrypt communication between the Data Service and the web server. This is a separate certificate from the one used between the web server and the end-user customers. Since it is only used internally between the Patriot server and the web server, a self-signed certificate can normally be used. A trusted certificate from a third-party provider can be used instead, if required.

Use the ICA_Setup.ps1 script to enable the SSL certificate on the data service port. This script should be run on the Patriot server. The PortNo value below should match the APIServerPortNo value in the data service configuration file, as above.

Self Signed Certificate

From a PowerShell console, run:

Powershell -ExecutionPolicy AllSigned -File ".\ICA_Setup.ps1" -SelfSigned -DnsNames "patriotserver" -PortNo 9005

Update the DNS name and port number as needed. This will generate a self-signed certificate and configure the data service to use it. You will need to copy this certificate onto the web server, and add it to the trusted certificate store.

Existing SSL Certificate

The certificate must be installed on the Patriot server, into the personal certificates section of the computer certificate store. View the details of the existing certificate, and copy the thumbprint.

From a PowerShell console, run:

Powershell -ExecutionPolicy AllSigned -File ".\ICA_Setup.ps1" -Thumbprint "7d 39 3e d0 66 7a 32 6e 4c bb 68 fc 5c 72 32 88 ff bc 27 d3" -PortNo 9005

Update the thumbprint and port number as needed. This will configure the data service to use the existing certificate.
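A pre-flight check for the configuration and certificate steps above, given as an added example that is not part of ICA_Setup.zip or of Patriot's own tooling. It confirms that AppSettings.json parses, that Api.Port matches the port you intend to pass as -PortNo, that TokenSigningKey is set, and that the thumbprint resolves to an in-date certificate with a private key in the computer's Personal store. The function name Test-IcaPrereqs is hypothetical, and the default path is the typical install directory given earlier.

```powershell
# Added example, not part of ICA_Setup.zip. Test-IcaPrereqs is a hypothetical name.
function Test-IcaPrereqs {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [int] $PortNo,
        # Assumption: the typical install directory given on this page.
        [string] $ConfigPath = 'C:\Program Files (x86)\Patriot Systems\Patriot Data Service\AppSettings.json'
    )
    $problems = @()

    # 1. AppSettings.json must parse and contain the Api section.
    try {
        $api = (Get-Content -LiteralPath $ConfigPath -Raw -ErrorAction Stop | ConvertFrom-Json).Api
    } catch {
        return ,@("Cannot read or parse ${ConfigPath}: $($_.Exception.Message)")
    }
    if (-not $api) {
        $problems += 'Api section is missing'
    } else {
        if ($api.Port -ne $PortNo) { $problems += "Api.Port ($($api.Port)) does not match -PortNo ($PortNo)" }
        # Report only whether the key is set; never print the key itself.
        if ([string]::IsNullOrWhiteSpace($api.TokenSigningKey)) { $problems += 'Api.TokenSigningKey is empty' }
    }

    # 2. The certificate dialog shows the thumbprint with spaces, and a copied value can
    #    carry invisible characters. Keep hex digits only before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { $problems += "Thumbprint has $($clean.Length) hex digits, expected 40" }

    # 3. The certificate must be in the computer's Personal store, hold a private key, and be in date.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        $problems += "No certificate with thumbprint $clean in Cert:\LocalMachine\My"
    } else {
        if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key' }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "Certificate is outside its validity period (expires $($cert.NotAfter))"
        }
    }
    return ,$problems
}

# The thumbprint and port are the example values used on this page; substitute your own.
$issues = Test-IcaPrereqs -Thumbprint '7d 39 3e d0 66 7a 32 6e 4c bb 68 fc 5c 72 32 88 ff bc 27 d3' -PortNo 9005
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } } else { 'Pre-flight checks passed' }
```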

Removing existing config

Use this if you need to remove an existing SSL certificate configuration.

From a PowerShell console, run:

Powershell -ExecutionPolicy AllSigned -File ".\ICA_Setup.ps1" -DeleteExisting -PortNo 9005

Update the port number as needed. This will not remove the certificate; it only removes the system bindings that allow the data service to use the port and certificate.