Configuring HTTPS for K2 SmartObject Services

There is a quite good section at which describes what you have to do in order to enable HTTPS for K2 SmartObject Services – “Windows Authentication with SSL for K2 SmartObject Services”. This post is sort of recap of that section with few extra bits of information.

So first you have to edit K2HostServer.exe.config file (default location – Program Files(x86)\K2 blackpearl\Host Server\Bin) as follows:

  1. Change enableEndpoints=”false” to enableEndpoints=”true”
  2. Change scheme=”http” to scheme=”https”
  3. Change port=”8888″ to port=”8443″
  4. Change wcf binding=“wsHttpBinding” bindingConfiguration= “wsHttpBinding+Windows” to wcf binding=“wsHttpBinding” bindingConfiguration= “wsHttpBinding+HTTPS”
  5. Change rest binding=“webHttpBinding” bindingConfiguration= “webHttpBinding+Windows” to rest binding=“webHttpBinding” bindingConfiguration= “webHttpBinding+Windows+HTTPS”
  6. Change excluded all=”true” to excluded all=”false”

As usual changes made to this config file will be picked up with K2 service restart, but it is better to done additional configuration task before restarting it – see next step.

  1. Configure the URL Access Control List so that the service account can use the https url by issuing following command:
netsh http add urlacl url=https://[server]:8443/ user=[domain\ServiceAccountUsername]
  1. Next you need configure the SSL for the port by issuing the following command:
netsh http add sslcert ipport= certhash=[CertificateThumbprint] appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'

Here some comments may be necessary. For certhash value you have specify value of CertificateThumbrint property of a certificate which is being used for HTTPS binding of your K2 site:

IIS Bindings View Certificate Properties 01

IIS Bindings View Certificate Properties 02

You need to copy Thumbprint value from certificate properties and specify it as a value of certhash property of aforementioned command (no spaces). As for appid property you may use GUID suggested in K2 help article {4dc3e181-e14b-4a21-b022-59fc669b0914} though according to some sources random GUID can be specified (you can use any valid GUID, as it is only used to allow you to identify the binding later).

So in the end command should look similar to this (if you run this in CMD window you don’t need to include appid value into single quotes but you do need this if you run the same in PowerShell window):

netsh http add sslcert ipport= certhash=e202039fac0b424d624d14b18102973cc7e7889c appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'

There is an alternative way to get your K2 site SSL certificate thumbrpint with use of PowerShell:

Write-Host (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -match ""}).Thumbprint;
  1. Once all that has been done you can restart K2 service and validate the results by accessing the following url (adjust URL accordingly):

If you see a page similar to one on the screenshot below then you successfully configured HTTPS for K2 SmartObject Services.

HTTPS endpoints.xml

Further reading/additional details: How to: Use basicHttpBinding with Windows Authentication and TransportCredentialOnly in WCF from Windows Forms


  • Elvin says:

    Do you need to create a binding for port :8443 in IIS? I’m getting an error ERR_CONNECTION_REFUSED.Any tips would be appreciated!

    • Mikhail says:

      In this case no need – all steps you need to do covered in this blog post, rather you have to watch out that other site/binding not keeps this port busy or something like this (firewall etc.).

Leave a Reply

Your email address will not be published. Required fields are marked *