Access Secure Programs Using HTTPS

Connecting to a MATLAB® Production Server™ instance over HTTPS provides a secure channel for executing MATLAB functions. To establish an HTTPS connection with a MATLAB Production Server instance:

  1. Ensure that the server is configured to use HTTPS.

  2. Install the required credentials on the client system.

  3. Configure the client's .NET environment to use the credentials.

  4. Create the program proxy using the program's https:// URL.

Configure the Client Environment for SSL

At a minimum, the client requires the certificate of the server's root CA (Certificate Authority) in one of the application's certificate stores.

To connect to a server that requires client-side authentication, the client needs a signed certificate in one of the application's certificate stores.

To manage the client’s certificates, use makecert.

Establish a Secure Proxy Connection

Create a secure proxy connection with a MATLAB Production Server instance by using the https:// URL for the desired program:

// The https:// scheme makes the client negotiate TLS with the server.
MWClient client = new MWHttpClient();
Uri secureUri = new Uri("https://host:port/myProgram");
MyProxy sslProxy = client.CreateProxy<MyProxy>(secureUri);

sslProxy checks the application's certificate stores to perform the HTTPS server authentication. If the server requests client authentication, the HTTPS handshake will fail because the client does not have a certificate.

Establish a Secure Connection Using Client Authentication

To enable a client to connect with a server instance requiring client authentication:

  1. Provide an implementation of the MWSSLConfig interface that returns a valid client certificate collection.

  2. Use the MWHttpClient constructor that takes an instance of your MWSSLConfig implementation to create the connection to the server instance.

  3. Create the proxy using the program's https:// URL.

Implement the MWSSLConfig Interface

The MWSSLConfig interface has a single property, ClientCertificates, of type X509CertificateCollection. Provide an implementation that returns the client's certificates.

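using System.Security.Cryptography.X509Certificates;
using MathWorks.MATLAB.ProductionServer.Client;

public class ClientSSLConfig : MWSSLConfig
{
  // Certificates offered to the server when it requests client authentication.
  public X509CertificateCollection ClientCertificates
  {
    get
    {
      // Load the client certificate and its private key from a PKCS #12 file.
      X509Certificate2 clientCert = new X509Certificate2("C:\\temp\\certificate.pfx");
      return new X509Certificate2Collection(clientCert);
    }
  }
}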

Establish the Secure Connection

Create a secure proxy connection with a MATLAB Production Server instance by using the constructor that takes an instance of your MWSSLConfig implementation and creating the proxy with the https:// URL for the desired program:

// Pass the MWSSLConfig implementation so the client can present its certificates.
MWClient client = new MWHttpClient(new ClientSSLConfig());
Uri secureUri = new Uri("https://host:port/myProgram");
MyProxy sslProxy = client.CreateProxy<MyProxy>(secureUri);

sslProxy uses the local user trust store to perform the HTTPS server authentication. If the server requests client authentication, the client passes the certificates in the collection returned by your implementation of the MWSSLConfig interface.

Implement Advanced Authentication Features

The .NET ServicePointManager class allows you to add extra layers of security through its SecurityProtocol and ServerCertificateValidationCallback properties, so that you can:

  • Disable SSL protocols to protect against the POODLE exploit.

    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    MWClient client = new MWHttpClient();
    
  • Perform alternate hostname verification to authenticate servers when the URL hostname does not match the certificate's hostname.

  • Ensure that the client shares data only with specific servers.

The ServerCertificateValidationCallback property is a delegate that processes the certificates during the SSL handshake. By default, no delegate is implemented, so no custom processing is performed. You can provide an implementation to perform any custom authorization required.
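
One way to implement such a delegate so that the client talks only to specific servers, even when the URL hostname differs from the certificate's hostname. This is an added example, not MathWorks code; the class name PinnedServerValidation and the fingerprint placeholder are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedServerValidation   // hypothetical name, not part of the client API
{
    // Assumption: SHA-256 fingerprints (hex) of the server certificates this client
    // is allowed to talk to. The entry below is a placeholder, not a real value.
    private static readonly HashSet<string> AllowedFingerprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<SHA256-FINGERPRINT-OF-YOUR-SERVER-CERTIFICATE>"
        };

    // Call once at startup, before creating the MWHttpClient.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // No certificate, or a chain that does not build to a trusted root: reject.
        const SslPolicyErrors fatal = SslPolicyErrors.RemoteCertificateNotAvailable
                                    | SslPolicyErrors.RemoteCertificateChainErrors;
        if (certificate == null || (errors & fatal) != 0)
            return false;

        string fingerprint;
        using (SHA256 sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(certificate.GetRawCertData());
            fingerprint = BitConverter.ToString(digest).Replace("-", "");
        }

        // A RemoteCertificateNameMismatch is tolerated only because the fingerprint
        // identifies the server; an unpinned certificate is rejected even when its
        // hostname and chain are valid.
        return AllowedFingerprints.Contains(fingerprint);
    }
}
```

The callback is process-wide: it applies to every connection the application makes through ServicePointManager, not only those to the MATLAB Production Server instance.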
