• No results found

Implementing an SSL security on AppliDis Servers running under Windows 2008 Server R2

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Implementing an SSL security on AppliDis Servers running under Windows 2008 Server R2"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

Implementing an SSL security on

AppliDis Servers running under

Windows 2008 Server R2

Fiche IS00265

Version 1.00

Limited diffusion: Systancia, membership of the program AppliDis Partners and clients or prospects of Systancia or of membership of the program AppliDis Partners.

(2)

Table of Contents

1 Introduction ... 3

2 Settings... 3

2.1 Self-Signed Certificate creation ... 3

2.2 Adding a new binding ... 5

2.3 Require SSL to connect to the user web portal and to the AppliDis Administration Console ... 7

(3)

1 Introduction

This technical sheet presents the process to follow to setup an SSL security on an AppliDis Administration Server or AppliDis Presentation Server running under Microsoft Windows 2008 Server R2.

In this document, a self-signed certificate will be used to secure IIS. In an enterprise environment, the SSL certificate needs to be issued by a public certification authority, or by the Active Directory services.

2 Settings

2.1 Self-Signed Certificate creation

In order to implement an SSL certificate on IIS, follow the steps below:

1. On the AppliDis server on which the SSL security must be implemented, open the IIS management console by clicking on "Start", then "Run", and entering "InetMgr.exe".

2. Once the IIS management console is opened, select the AppliDis server’s hostname in the left pane, and click on "Server Certificates" in the IIS functionalities displayed in the right pane.

Figure 1 - Server Certificates entry within IIS management console 3. In the "Server Certificates" menu, click right in the tab, and select the entry

(4)

Figure 2 - Self-Signed Certificate creation

4. Enter a friendly name for this self-signed certificate and press on "OK".

(5)

2.2 Adding a new binding

To allow IIS to accept connection on another port as "80" (default HTTP port), a new binding needs to be added.

1. In the IIS management console, select the default web site in the left pane, and then click on "Bindings" in the right pane:

Figure 4 - Adding a new binding – Step 1 2. Click on "Add".

Figure 5 - Adding a new binding – Step 2

(6)

3. Select "HTTPS" in the drop down list "Type", and select the SSL certificate you want to use for this new binding.

Figure 6 - Adding a new binding – Step 3

4. After this new binding has been added, the IIS server must be reachable with HTTPS

Figure 7 - IIS server reachable using HTTPS

The IIS server does now accept HTTPS connections. However, it still accepts HTTP connections.

(7)

2.3 Require SSL to connect to the user web portal and to the AppliDis

Administration Console

Because a new binding has been added for the default web site in IIS, the server

accepts HTTP and HTTPS connections. In order to force usage of HTTPS to access to the virtual directory "AppliDis", follow the steps below:

1. In the IIS management console, select the virtual directory "AppliDis" in the left pane, and double click on "SSL Settings" in the middle pane:

Figure 8 - Require SSL - Step 1

2. Check the box "Require SSL" in the middle pane, and press on "Apply" in the right pane.

(8)

Note:

• After this modification has been applied, the IIS server does no more accept HTTP connection on the virtual directory "AppliDis".

• The SSL connection must only be required for the virtual directory "AppliDis". If it is applied on the others virtual directory, a communication issue can be encountered with the others AppliDis Servers.

3 Manual installation of a Self-Signed Certificate on a client

computer

If a Self-Signed Certificate has been used to setup the new binding on the default web site in IIS, this certificate must be installed on the client computers in order to allow the access to AppliDis with HTTPS, without obtaining a certificate error.

If the Self-Signed Certificate is not installed properly on the client computer, an error will while trying to access the IIS site using HTTPS.

Figure 10 - Server certificate error

For test purposes, the server certificate can be installed manually on the client computer. However, in enterprise environment, GPOs or other deploying tools can be used.

To manually install the server certificate on the client computer, follow the steps below: 1. Double click on the error message "Certificate Error" which is displayed on the top

of Internet Explorer when trying to access to IIS with HTTPS without having the appropriate certificate installed.

(9)

Figure 11 - IIS certificate error 2. Click on "View Certificates"

Figure 12 - IIS certificate error 3. Click on "Install Certificate…"

(10)

4. Click on "Next"

Figure 14 - Manuel installation of the SSL certificate - Step 2 5. Select the option "Place all certificates in the following store", and choose the

(11)

Figure 15 - Manuel installation of the SSL certificate - Step 3 6. Click on "Finnish"

Figure 16 - Manuel installation of the SSL certificate - Step 4 7. Click on "Yes"

(12)

Figure 17 - Manuel installation of the SSL certificate - Step 5

8. After the certificate has been installed on the client, the IIS server can be accessed using HTTPS:

(13)

References Keywords:

Reference:

Creation time: 07/19/2004 Last update: 27/01/2011

For any comment on this sheet, please send us an e-mail at info@systancia.com specifying the number of the sheet.

LEGAL NOTE

Copyright © Systancia 2010 – All rights reserved

The data provided in this document is provided for informational purposes. Due to this fact, it is not subject to any engagement from Systancia. This data can be modified without notice from Systancia.

The audience targeted by this document is users that have a good understanding of Microsoft Windows operating systems and principles. Systancia cannot be held responsible for the misuse of the AppliDis software. The use of this product is entirely at your own risk. All brand names and product & service names used in this document are registered trademarks, trade names, service marks or copyright. No permission is given for the use of such brand names and product & service names by any other person, and such use may constitute an infringement of the holder's rights, and are the property of their respective owners. In particular, Microsoft, Windows, Windows 2000, Windows 2003, Windows 2008 Server are branded by Microsoft Corporation in the United States of America and in other countries.

Systancia

Actipolis 3, Bât C11 3, rue Paul Henri Spaak 68 390 SAUSHEIM France

Phone: +33 3 89 33 58 20 Fax: +33 3 89 33 58 21

References

Download now ( PDF - 13 Page - 1.15 MB )

Related documents

SSL Guide. (Secure Socket Layer)

the self-signed certificate or pre-installed certificate onto Windows Vista ® , Windows ® 7 and Windows Server ® 2008 for users with administrator rights uu page 12 or Installing

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

A web site running on IIS has been developed to allow users to register themselves to the VM with their username and back-end (RADIUS or Windows) password, to do a DIGIPASS

CA Mobile Device Management 2014 Q1 Installing

For planned relay servers running Windows Server 2008 R2 (x64) with Internet Information Services (IIS) 7.5, set up the relay server for basic operations before you configure it

INSTALLING YOUR SSL CERTIFICATE ON THE FILEHOLD SERVER ON WINDOWS 2008 X64 ON IIS 7

window, select the name of the server to which the certificate was installed. Under Sites , select the site to be secured with SSL. From the Actions menu), click on

Set up SSL in Deployment Solution 7.5

*Note: On the Site Servers, the name on the certificate must match the name of the server in order to allow correct communication between clients and that server.*.. Set

Understanding SSL Certificates THAWTE IS A LEADING GLOBAL PROVIDER OF SSL CERTIFICATES

To make an SSL connection, a web server must have a digital certificate installed; this certificate utilizes the public and private keys used for encryption, and the certificate

DIGIPASS Authentication for Juniper ScreenOS

A web site running on IIS has been developed to allow users to register themselves to the VM with their username and back-end (RADIUS or Windows) password, to do a DIGIPASS

acquire GIM Suite System Requirements

Version Database Server Web and Licence Servers Windows Server 2012 R2 Recommended Recommended Windows Server 2012. Windows Server 2008 R2 Windows