INSTALLING YOUR SSL CERTIFICATE ON THE FILEHOLD SERVER ON WINDOWS 2008 X64 ON IIS 7

(1)

(2)

Suite 250 - 4664 Lougheed Highway Burnaby, BC, Canada V5C5T5, via email

[email protected], our website www.filehold.com, or call 604-734-5653.

FileHold is a trademark of FileHold Systems. All other products are trademarks or registered trademarks of their respective holders, all rights reserved. Reference to these products is not intended to imply affiliation with or sponsorship of FileHold Systems.

Proprietary Notice

This document contains confidential and trade secret information, which is proprietary to FileHold Systems, and is protected by laws pertaining to such materials. This document, the information in this document, and all rights thereto are the sole and exclusive property of FileHold Systems, are intended for use by customers and employees of FileHold Systems, and are not to be copied, used, or disclosed to anyone, in whole or in part, without the express written permission of FileHold Systems. For authorization to copy this information, please call

(3)

 The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate. You will need to insure that the common name submitted in the CSR is the correct domain name / FQDN that you intend to use the certificate for. For wildcard SSL certificates the common name should contain at least one asterisks (*) e.g.

(6)

 Enter Organization and Organization Unit. These are your company name and department respectively.

 Enter your City/locality, State/province and Country/region.

8. Click Next.

9. In the Cryptographic Service Provider Properties window, leave both settings at their

defaults (Microsoft RSA SChannel and 1024) and then click Next.

10. Enter a filename and location to save your CSR. You will need this CSR to enroll for your

IIS SSL Certificate.

(7)

12. When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form - including

---BEGIN CERTIFICATE REQUEST---to---END CERTIFICATE REQUEST--- 13. Click Next.

14. Confirm your details in the enrollment form and click Finish.

TO SAVE YOUR PRIVATE KEY

1. Go to Certificates snap-in in the MMC.

2. Select Requests.

3. Select All tasks. 4. Select Export.

2. SSL CERTIFICATE INSTALLATION: MICROSOFT IIS 7.X

1. Click Start and select Administrative Tools.

2. Start Internet Services Manager.

3. Click Server Name.

4. From the center menu, double-click the Server Certificates button in the Security

section.

(8)

6. This will open the Complete Certificate Request wizard.

7. Enter the location of your IIS SSL certificate (you will need to browse to locate your IIS

SSL certificate this file will be the certificate sent to you in a zip file and should be named

yourdomainname.crt ).Then enter a Friendly name. The friendly name is not part of the

certificate itself, but is used by the server administrator to easily distinguish the certificate. Click OK.

NOTE: There is a known issue in IIS 7 giving the following error “Cannot find the certificate

(9)

certificate is actually installed. Simply cancel the dialog and press F5 to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR and replace this Certificate. Please use the instructions provided from your SSL provider for this task. 8. After the certificate has been successfully installed to the server, you will need to assign

that certificate to the appropriate website using IIS.

9. From the Connections menu in the main Internet Information Services (IIS) Manager

window, select the name of the server to which the certificate was installed.

10. Under Sites, select the site to be secured with SSL.

11. From the Actions menu), click on Bindings.

12. This will open the Site Bindings window.

(10)

14. Under Type , select https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The SSL Certificate field should specify the certificate that was installed previously.

15. Click OK . You now have an IIS SSL server certificate installed.

16. IMPORTANT!: You must now restart the IIS / the website to complete the install of the certificate

17. Once you have completed the above steps you will need to install the Root and

Intermediate certificates manually. For installation instructions on how to manually install the other Root and Intermediate Certificates that are sent with your web server that you

(11)

3. INSTALLING THE ROOT AND INTERMEDIATE CERTIFICATES

1. Please use the SSL certificates you have purchased from your certificate authority that provides sells SSL certificates.

2. Save these Certificates to the desktop of the web server machine.

3. Click Start, select Run, type mmc and click OK.

4. Click File and select Add/Remove Snap in.

(12)

6. Select Certificates from the Add Standalone Snap-in window and click Add.

7. Select Computer Account and click Next.

(13)

8. Select Local Computer and select Finish.

9. Close the Add Standalone Snap-in window and click OK.

10. Return to the MMC

TO INSTALL THE YOUR ROOT CERTIFICATE

1. Right click the Trusted Root Certification Authorities, select All Tasks, and select

(14)

2. The Certificate Import Wizard opens. Click Next.

(15)

4. When the wizard is completed, click Finish.

TO INSTALL THE INTERMEDIATE CERTIFICATE/CERTIFICATES

1. Right click the Intermediate Certification Authorities, select All Tasks, select Import.

2. Complete the CertificateImport Wizard again, but this time locating the intermediate

Certificate when prompted for the Certificate file.

NOTE: You will need to repeat this step for all the intermediate certificates that are sent to you.

3. Ensure that the Root certificate appears under Trusted Root Certification Authorities.

4. Ensure that the intermediate certificate / certificates appear under Intermediate

Certification Authorities.

5. Once these are installed you may need to restart the server.

(16)

2. Click Bindings and then edit the bindings as needed. You can remove the port 80 HTTP binding if you wish. We recommend this.

5. ENSURE SSL IS REQUIRED ON THE FILEHOLD APPLICATION

6. CHANGE WEB CONFIGS WITH FHINSTRUMENTATION TOOL

1. Launch the FHInstrumentation tool located at:

Program Files\FileHold Systems\Application Server\FH\FileHold\FHinstrumentation

2. Right-click and Run as Server or domain administrator account and remove the check

(17)

3. Select Change port, server name or protocol wizard and click Start.

4. Browse to find the Application Server Folder and then click Next. This locates the config

files so the FHInstrumentation utility can change them.

(18)

6. The tool will update all web.config files from http to https and will save about 15 minutes of work with Notepad or Notepad ++.

7. Click Update to finish the procedure.

(19)

9. Click Finish.

10. Restart World Wide Web Service in Services.msc control panel or go to control panel and select services and restart it there.

7. TESTING YOUR SSL CERTIFICATE

1. Change all Web Client short cuts to HTTPS and FDA connection URL’s to HTTPS and try to login.

2. Testing with Web Client:

 Do a test of search, adding a document, checking out a document, checking in a

document, launching and completing a workflow (if you use this optional module). 3. Testing with Desktop Client:

 Repeat the same test. Do a test of search, adding a document, checking out a