Configuring access to FAB applications over HTTPS

Many FAB applications contain a web server which supports HTTP REST API function calls. Modern versions of FAB applications support:

  • encrypted connections over SSL (HTTPS)
  • access restriction to REST API functions by using API Keys for users

Configuring access over SSL (HTTPS)

  • In the FAB Application find the settings for the web server and enable “HTTPS”
  • Create certificates as described below using OpenSSL, copy the files to local disk and enter the files into the configuration:
    • Certificate Authority: C:\fab\certificates\Root.pem
    • Server certificate: C:\fab\certificates\ServerCert.pem
    • Private key: C:\fab\certificates\ServerKey.pem
    • Passphrase: password used when creating certificate
  • Download necessary DLL files for HTTPS from here
  • Unpack the two DLL files from the downloaded libcrypto3.zip into the folder where the FAB application is installed Typically the correct folder would be “C:\Program Files(x86)\FAB Subtitle Database” or similar
  • Restart the FAB application and check the log for any possible problems in initialization of the HTTPS Web Server

Creating self signed certificates using OpenSSL

  • Download and install OpenSSL from here. OpenSSL Light IS NOT sufficient, you will require the full version. You will require the 32 bit version if your FAB application is 32 bit. For 64 bit FAB applications you will require OpenSSL 64 bit

  • Download two files which are necessary to create certificates from here and unpack them, preferably into C:\fab\certificates

  • Open the file BuildCerts.bat and modify the following lines in the file and enter your correct information:

set BASE_DIR=c:\fab\certificates
set OPENSSL_BIN=c:\Program Files (x86)\OpenSSL-Win32\bin\
set OPENSSL_CONF=%BASE_DIR%\openssl.conf
set COUNTRY_CODE=XX
set CA_NAME=MyCAName
set ORGANIZATION_UNIT=MyOrganizationUnit
set ORGANIZATION=MyOrganization
set COMMON_NAME=fabcomputer.de.fab-online.com
set PASSPHRASE=password
set DAYS=730

Our file contains the following data:

set BASE_DIR=c:\fab\certificates
set OPENSSL_BIN=c:\Program Files (x86)\OpenSSL-Win32\bin\
set OPENSSL_CONF=%BASE_DIR%\openssl.conf
set COUNTRY_CODE=DE
set CA_NAME=My CA Name
set ORGANIZATION_UNIT=TeletextAndSubtitling
set ORGANIZATION=FAB
set COMMON_NAME=fabcomputername.de.fab-online.com
set PASSPHRASE=teletext
set DAYS=730
  • Store and then run the file BuildCerts.bat

  • You will need the following files which have been created in C:\fab\certificates: Root.pem, ServerCert.pem, ServerKey.pem

  • NOTE THAT CERTIFICATES EXPIRE AND YOU WILL HAVE TO CREATE NEW CERTIFICATES BEFORE EXPIRATION. THE VALIDITY IS SPECIFIED IN “set DAYS=730”

Using the REST API with access restriction by using API keys

  • In the FAB Application find the settings for the web server and enable “authentication with API key”
  • Create users. Two API Keys will be created automatically for every user
  • In the HTTP request one of the API keys has to be specified in the request header as “Authorization: APIKeyValue”