* STEPS ALREADY DONE *

The starting point is a canned AWS Windows Server 2019 Datacenter with latest SQL Server Standard Edition
Installed Chrome
Restored CW5 Database
Installed CW5 BT (No TLS or 2FA)
    http://www.jprog.com/tools/frmwk4.5.2/Build980/RWCAREWareBusinessTierSetup.exe
Installed CW5 Client
    www.jprog.com/tools/frmwk4.5.2/Build980/RWCAREWareClientTierSetup.exe
Configured incoming traffic to server for TLS (AWS specific) for when CW6 TLS gets configured
Installed OpenSSL
    https://slproweb.com/products/Win32OpenSSL.html
Modified OpenSSL path environment var
    C:\OpenSSL-Win64\bin
Set up DNS to point to the server (demo.jprog.net)
Installed Message Queueing for URN32.dll

* UPGRADING TO CW6 *

Back up CW5 DB
Get CW6 Business Tier
    www.jprog.com/tools/CW6/Build39/CWBTSetup.exe
Get CW6 HTTP Server
    www.jprog.com/tools/CW6/Build39/CWHTTPSetup.exe
Remove CW5 BT
Install CW6 BT
    www.jprog.com/tools/CW6/Build39/CWBTSetup.exe
Stop CW6 BT (if not already stopped)
Copy Folders and BusnessTierSettings.XML from CW5 to CW6
Start the Business Tier
Check BT log to see if Data Tier Updates are happening (this can take some time depending on the size of the DB)
Meanwhile install the HTTP server
    www.jprog.com/tools/CW6/Build39/CWHTTPSetup.exe
Check the HTTP server log for errors and info
Check BT logs again
Configure the Windows Firewall (not gateway!) for traffic on port 8080
Log in to CW6 using HTTP on localhost:8080
    http://localhost:8080/careware/rs/index.htm
Demonstrate that the CW6 server cannot be reached over the internet

* THIS ENDS THE LOCAL NETWORK INSTALL *

* CONFIGURING CW6 FOR TLS AND 2 FACTOR AUTHENTICATION (2FA) *

Turn on 2FA
Convert a .pfx file to Apache style .crt and .key files
    https://www.markbrilman.nl/2011/08/howto-convert-a-pfx-to-a-seperate-key-crt-file/
    openssl pkcs12 -in yournamegoeshere.pfx -nocerts -out yournamegoeshere_enc.key
    openssl pkcs12 -in yournamegoeshere.pfx -clcerts -nokeys -out yournamegoeshere.crt
    openssl rsa -in yournamegoeshere_enc.key -outform PEM -out yournamegoeshere.key
Open the Windows Firewall on port 443
Configure the HTTP server for TLS
Configure gateway to route traffic from the internet (not part of this demo)
Test the connection
Check the TLS (why the B?)
    https://www.ssllabs.com/ssltest/
Update .CRT with intermediate cert
We got an A!
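
Added example, not part of the original notes or of CAREWare: three local checks on the files produced by the .pfx conversion, so a mismatched key or a missing intermediate cert shows up before the SSL Labs test does. The function names and file arguments are assumptions, as is the bundle order (server cert first, then the intermediate), which is the usual layout for an Apache style .crt.

```shell
#!/bin/sh
# Added example: local checks on a converted .crt/.key pair.
# All file names passed to these functions are placeholders.

# Succeeds when the private key and the certificate carry the same public key.
key_matches_cert() {   # usage: key_matches_cert site.key site.crt
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Writes the server certificate followed by the intermediate into one PEM file.
# Passing each file through "openssl x509" drops the "Bag Attributes" text
# that "openssl pkcs12" leaves above the certificate.
build_fullchain() {    # usage: build_fullchain site.crt intermediate.crt out.crt
    { openssl x509 -in "$1" && openssl x509 -in "$2"; } > "$3"
}

# Succeeds only when the first certificate in the bundle chains to the root
# using the certificates inside the bundle itself. A bundle without the
# intermediate fails here; root.crt should hold the root CA cert only.
chain_is_complete() {  # usage: chain_is_complete bundle.crt root.crt
    openssl verify -CAfile "$2" -untrusted "$1" "$1" 2>/dev/null | grep -q ': OK$'
}
```

Run key_matches_cert on the decrypted .key (the encrypted one prompts for its passphrase), then chain_is_complete on the .crt both before and after adding the intermediate.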