Introduction:
The following guide covers setting up HTTPS security for your WebAdvantage Site. Using https helps ensure user name and passwords, credit card information, and other sensitive data is encrypted during the use of WebAdvantage.
When should I enable HTTPS?
Always. While WebAdvantage can be run without enabling HTTPS, it is strongly recommended that it always be enabled. Especially whenever Active Directory authentication is used, and definitely when payments or Web Printing is enabled.
Setting up HTTPS with a Self-Signed Certificate
To create a Self Signed certificate on Server 2003, you first need to download and install the Internet Information Services (IIS) 6.0 Resource Kit Tools. Included in this resource kit, is a tool named SelfSSL.
1. Download IIS Resource Kit:
Browse to the Microsoft Download Center and download the Internet Information Services (IIS) 6.0 Resource Kit Tools.
Direct Link verified as of 8 August 2012: http://www.microsoft.com/download/en/details.aspx?id=17275 |
2. Install IIS Resource Kit:
Install this resource kit on the Windows 2003 Server where WebAdvantage has been installed. Once done you should see the resource kit tools listed within the folder named IIS Resources.
3. Determine Website ID by Checking the Logging Properties:
Next you will need to determine the Website ID that WebAdvantage is installed on. In most cases this will be 2, however this can easily vary quite a bit and the below steps should be followed. There is no easy way to get the ID, but these steps provide the simplest method available.
a. Open the IIS Manager from within Administrative Tools
b. Within IIS, browse the Web Sites folder and locate the site named PMP. Once found right click on this site to locate its Properties.
c. Inside the properties to the site, you will need to click on the Properties within the logging section of the Website tab.
d. Once you are on the properties page, you will need to look at the very bottom, and check for the Log File Name label. Right next to it will list a path and a log file name. The number portion of this log file name will be the ID. In the below example 2 is the Website ID:
W3SVC2exyymmdd.log
4. Run the SelfSSL tool to Create and Install a Certificate:
The following steps will guide you through running this tool against the site from the previous section.
a. Open the Command Prompt to the SelfSSL tool folder. This can be specifically launched from the start menu at ALL Programs > IIS Resources > SelfSSL > SelfSSL
b. Next you will need to run the command below to create and install the certificate. Below explains each item you need to format along with a highlighted sample showing what to change.
Sample from Command Prompt:
Browsing the site using HTTPS:
After this has been installed, the HTTPS version of the site can be browsed by the following URL.
https://SERVERNAME:48111/WebAdvantage
Enabling WebAdvantage's Auto-Redirect:
If you are using WebAdvantage version 1.2.03 or later, then you can enable the auto-redirect feature of WebAdvantage to help ensure users are always using the https version of the site.
This can be done by logging into WebAdvantage, and going to [Configuration]. Within the General page, check the box to set it to automatically redirect, and specify the port used.
Obtaining and Installing a Trusted Certificate:
While the above steps will properly encrypt the session, it is not a fully trusted certificate and will present users with a warning when browsing to the site. It is strongly recommended that you obtain a trusted certificate, especially in cases using Credit Card Payments, Web Printing, or when the site is exposed to the internet.
Obtaining and installing the certificate within IIS is beyond the scope of this guide, or Software Shelf International’s support. Below is a list of known websites that sell and even provide instructions for install a certificate.
Network Solutions:
http://www.networksolutions.com
InstantSSL:
http://www.instantssl.com
Verisign:
http://www.verisign.com
Comments