Secure communications with Ranger Remote.

Started by Peter Goulette, September 05, 2019, 02:40:16 PM


Peter Goulette

RangerRemote involves inter-process communication between a Ranger host application (Ranger Remote server) and a Ranger client running in a browser. The most commonly used method of portable inter-process communication with a browser is a websocket (WS) connection.

A websocket connection can be secure or insecure. A websocket secure (WSS) connection uses SSL certificates to secure data transmitted on the socket. WSS requires an SSL certificate at each end of the socket communications: a server certificate for the server, and a root certificate authority (CA) certificate for the browser.

In a typical installation, where Ranger Remote client and server are both installed on the same workstation, the workstation's local loopback address (127.0.0.1) is used for the WS/WSS.

Server Side Certificate and WSS
To set up Ranger Remote to use WSS, RangerRemote Server's configuration file (RangerServerConfig.ini) will need to be modified to specify the chosen secure port, typically 9003s, and the path to the server certificate.
Default Windows install ini location:
C:/ProgramData/Silver Bullet Technology/Ranger/Ranger Remote/RangerServerConfig.ini
Default Mac install ini location:
/Library/RangerRemote/RangerServerConfig.ini

To set up Ranger Remote for WSS:
1) Stop the Windows service or Mac daemon.
2) Edit RangerServerConfig.ini
3) In RangerServer.ini change value in section [Server Connection] of windows key ListeningPorts=9003s (or other desired port, appended with a lower case s). The client side (browser) will now need to point to this same port when attempting to connect.
4) In RangerServerConfig.ini, change value in section [Server Connection] of key
WIN: SslCertificatePath = C:\Program Files (x86)\Silver Bullet Technology\Ranger\Ranger Remote\Certificates\server.pem (or different path to server certificate file)
MAC: SslCertificatePath = /Library/RangerRemote/server.pem (or different path to server certificate file)
5) Save RangerServerConfig.ini
6) Restart Windows service or Mac Daemon.

Client Side/Web Browser Certificate Setup
Windows:
1) Use Windows command prompt by typing command in the Windows Start menu search field. Right click Command Prompt in the resultant list and choose Run as administrator.
2) Use certutil in the command prompt
certutil.exe  -addstore -f "Root" "[path][CA certificate name.pem]"
example:  certutil.exe  -addstore -f "Root" "c:\rootCA.pem"

OSX:
1) Open the Applications folder by either holding the command+shift+A keys or selecting from the top finder menu Go->Applications.
2) Navigate to the Utilities folder and select Keychain Access.app.
3) Open Keychain Access.app.
4) Ensure Category->Certificates is highlighted in the bottom left column.
5) Ensure Keychains->login is highlighted in the top left column.
6) Drag the client side certificate into the main window.
7) Right click the newly added certificate from the main Window and select Get Info.
8) Click the trust turnout and set Always Trust to SSL.
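
For the server-side steps above, an added example (not part of the original post and not Silver Bullet Technology code) that checks RangerServerConfig.ini after editing: every listening port carries the lower case s, and SslCertificatePath points at an existing PEM file. It assumes multiple ports, if listed, are comma-separated; audit_wss_config and demo are hypothetical names, and the sample files are constructed.

```python
import configparser
import os
import tempfile

SECTION = "Server Connection"

def audit_wss_config(ini_path):
    """Return a list of problems with the WSS settings; an empty list means OK."""
    cfg = configparser.ConfigParser(interpolation=None)
    if not cfg.read(ini_path) or not cfg.has_section(SECTION):
        return [f"cannot read [{SECTION}] from {ini_path}"]
    problems = []
    # Assumption: if several ports are listed, they are comma-separated.
    raw = cfg.get(SECTION, "ListeningPorts", fallback="")
    ports = [p.strip() for p in raw.split(",") if p.strip()]
    if not ports:
        problems.append("ListeningPorts is not set")
    for port in ports:
        if not port.endswith("s"):  # must be a lower-case s, e.g. 9003s
            problems.append(f"port {port!r} is not marked secure (no trailing 's')")
    cert = cfg.get(SECTION, "SslCertificatePath", fallback="").strip()
    if not cert:
        problems.append("SslCertificatePath is not set")
    elif not os.path.isfile(cert):
        problems.append(f"certificate file not found: {cert}")
    else:
        with open(cert, "r", errors="replace") as fh:
            if "-----BEGIN CERTIFICATE-----" not in fh.read():
                problems.append(f"{cert} holds no PEM certificate block")
    return problems

def demo():
    """Audit two constructed configs in a temp dir: one correct, one left on plain WS."""
    with tempfile.TemporaryDirectory() as tmp:
        pem = os.path.join(tmp, "server.pem")
        with open(pem, "w") as fh:  # constructed placeholder, not a real certificate
            fh.write("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
        results = {}
        for name, port, path in [("good", "9003s", pem), ("bad", "9003", pem + ".missing")]:
            ini = os.path.join(tmp, name + ".ini")
            with open(ini, "w") as fh:
                fh.write(f"[{SECTION}]\nListeningPorts={port}\nSslCertificatePath = {path}\n")
            results[name] = audit_wss_config(ini)
        return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "OK")
```

Run it against the real file by calling audit_wss_config with the Windows or Mac ini location given above, before restarting the service or daemon.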