During installation you were asked to select the access protocol for the application as either HTTP or HTTPS. If you selected HTTPS then all communication between the browser and the application will be encrypted. Using HTTPS is recommended when installing InterFormNG2 as a server.
Please refer to the section, Certificates for limitations concerning the support of implementing certificates in InterFormNG2.
When you access the web interface, you will initially receive a warning that the certificate is not trusted. This is because InterFormNG uses a self-signed certificate by default.
To get rid of the warning, you need to purchase a certificate from a trusted provider and then configure InterFormNG to use the purchased certificate. The certificate must be imported into a keystore before it can be used. You can use the existing one (keystore/interformng2.p12) or create a new one.
Once you have the certificate in a store, you need to change a configuration file to point it to the new certificate. The configuration file is <INSTALL-LOCATION>/application-default.properties. On the windows platform the path is: C:\Program Files\InterFormNG2\application-default.properties
You need to modify the following configuration values:
server.ssl.key-store-type=PKCS12
server.ssl.key-store=keystore/interformng2.p12
server.ssl.key-store-password=password
server.ssl.key-alias=interform
trust.store=keystore/interformng2.p12
trust.store.password=password
Description:
server.ssl.key-store-type
The type of the store.
server.ssl.key-store
The path to the store file. If you place the file in a sub-directory of the install directory, then you can use a relative path.
If you specify the full path to the certificate file, then you need to specify a double backslash whenever you want to insert a backslash.
server.ssl.key-store-password
The password for the store.
server.ssl.key-alias
The alias for the certificate within the store. Some pfx files does not have an alias. If so, then you can comment this line out by preceeding it with #. This must fit the certificate alias. Please use the description below found via this link to identify the alias for your certificate.
trust.store
Same as server.ssl.key-store
trust.store.password
The password for the store.
After modifying the properties file, you need to restart the InterFormNG2 service in order for the changes to take effect.
Important: Please notice the hint for the alias below.
Switch from HTTPS to HTTP
If you want to switch from HTTPS to HTTP, then you should change the file: <INSTALL-LOCATION>/application-default.properties found in the path described above.
You need to change this:
1) All lines in the configuration file, which refers to server.* should be disabled (by preceding the command with #) or deleted.
2) The command line: jwt.secure.cookie=true should be changed into: jwt.secure.cookie=false.
After the change you should restart the InterFormNG2 service.
When you reconnect to InterFormNG2, then you might need to change the browser to run in incognito mode initially as the browser might have cached the connection as a secure connection only.
Here is how you can switch to incognito mode:
On your computer, open Chrome.
At the top right, click More
A new window appears. In the top corner, check for the Incognito icon:
You can also use a keyboard shortcut to open an Incognito window:
Windows, Linux, or Chrome OS: Press Ctrl + Shift + n.
Mac: Press 
+ Shift + n.
Identifiying the alias
You can find the alias for the certificate by running this command in the same directory as where the certificate file is placed in:
keytool -list -keystore myfile.pfx
Below we run this command to identify the alias of the interformng2.p12 certificate, which is shipped with InterFormNG2 - in this case we run it on the Windows platform.
So first we start the command prompt, change to the directory where the certificate is placed (in this case C:\Program Files\InterFormNG2\keystore) and then run the command as below. (You also need to type in the password for the certificate)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
C:\Program Files\InterFormNG2\keystore>keytool -list -keystore interformng2.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
interform, Aug 30, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 7D:DC:93:1F:6F:B4:F7:18:4C:4C:E1:F3:AF:40:66:9E:7A:1A:AC:12:60:F1:C9:F7:1A:C4:86:9A:DD:FD:F6:7A
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
You can see the alias as the characters written to the left of the comma (,) in the line after: "Your keystore contains 1 entry". So in the example above the alias is interform as marked in bold.
Using a self-signed certificate
If you do not wish to purchase a certificate, then you should as a minimum replace the certificate with a self signed one that you create yourself. Since the default certificate is distributed with InterFormNG, anyone who has a copy would otherwise be able to decrypt your communication.
You can use the Java keytool to create a new keystore with a new self-signed certificate. To use the Java keytool you need to have Java installed.
keytool -genkeypair -alias interform -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore interformng2.p12 -validity 3650
Copy the generated file to <INSTALL-LOCATION>/keystore/interformng2.p12, overwriting the existing one. If you use these settings, then you do not need to modify anything in application-default.properties, however you do need to restart the InterFormNG service before it takes effect.
