Enabling secure communications in memoQ server
Posted by Péter Botta on 03 June 2013 01:03 PM
If you are using memoQ 2013 or higher with memoQ server 2013 or higher, you can configure memoQ server to use a TLS encrypted communications channel, to ensure the security of the data transmitted between the server and memoQ clients. If you are using memoQ 2015 or higher with memoQ server 2015 or higher you have the choice either to use TLS or HTTPS to encrypt data transferred.
To use TLS or HTTPS you need to obtain an X.509 certificate from a certification authority. You can either purchase a certificate from a public certification provider, or, if you have an internal certification authority, you can issue a certificate using your internal certification authority, as long as all the Windows client operating systems running memoQ 2015 clients trust that certificate. For more information on obtaining a certificate, please refer to the document of either your public certification provider, or your internal certification authority. The Enhanced Key Usage section of the issued certificate has to contain:
I. Server Authentication (220.127.116.11.18.104.22.168.1)
memoQ server 2015 and higher
For memoQ server 2015 and higher use the memoQ Server Deployment Tool to configure the server to use TLS (Secure TCP) or HTTPS based encryption: click Advanced…/Configure server, and then go to the Network connections page of the „Configure server” dialog. Select the communication protocol you would like to use here. If you chose Secure TCP (which is for TLS) or HTTPS, you also need to select the certificate to be used by the protocol.
memoQ server 2013 and memoQ server 2014
To configure memoQ server 2013 or 2014 to use TLS encryption, you need to
1. Make sure the certificate is installed in the Personal store of the Computer account on the Windows Server running memoQ server 2013
2. Find the thumbprint of the certificate. To do this open the Certificates Microsoft Management Console snap-in, targeted at the Local Computer account. Locate the certificate in the Certificates (Local Computer)\Personal\Certificates container, and open its Properties dialog. Click the Details tab, and look for Thumbprint in the list of properties.
3. Edit C:\ProgramData\memoQ server\Configuration.xml, and add the <CertificateThumbprint>thumbprint of the certificate</CertificateThumbprint> tag under the PersistedServerConfig node, so that your Configuration.xml file will look something like this:
<?xml version="1.0" encoding="utf-8"?>
<SQLConnectionString>Data Source=localhost;Initial Catalog=MemoQServer;Integrated Security=True;Connect Timeout=300</SQLConnectionString>
<CertificateThumbprint>92 34 12 91 6c 08 60 e5 ae f3 cc 8a ef f5 7c ff ac c9 83 91</CertificateThumbprint>
4. Restart memoQ server 2013
Next time you connect to your memoQ server 2013, memoQ 2013 will automatically use an encrypted connection.