The following guide covers setting up HTTPS security for your WebAdvantage Site. Using https helps ensure user name and passwords, credit card information, and other sensitive data is encrypted during the use of WebAdvantage.
When should I enable HTTPS?
Always. While WebAdvantage can be run without enabling HTTPS, it is strongly recommended that it always be enabled. Especially whenever Active Directory authentication is used, and definitely when payments or Web Printing is enabled.
Setting up HTTPS with a Self-Signed Certificate
The following steps provide steps to create and install a Self Signed certificate on Server 2008.
1. Open Server Certificates within IIS:
You will first need to access Server Certificates section of IIS.
a. Open IIS within Administrative Tools > Internet Information Services
b. Within IIS, select your server and in the list of Features Icons double click the one labeled Server Certificates.
2. Open the Self-Signed Certificate Wizard:
Within Server Certificates an option within Actions on the right, will exist named Create Self Signed Certificate...
3. Running the Self-Signed Certificate Wizard:
A wizard will open allowing creation of a certificate. Specify a name for this certificate. No specific name is required for this.
4. Configure the PMP Site to use this Cert:
Next you will need to configure the PMP site running Print Manager Plus’ Web Add-Ons to use this cert.
a. Expand the Sites folder and select the site named PMP. Right Click on it and chose Bindings
b. Within Bindings, click Add, and create a new binding for HTTPS on port 48111
Browsing the site using HTTPS:
After this has been installed, the HTTPS version of the site can be browsed by the following URL.
Enabling WebAdvantage's Auto-Redirect:
If you are using WebAdvantage version 1.2.03 or later, then you can enable the auto-redirect feature of WebAdvantage to help ensure users are always using the https version of the site.
This can be done by logging into WebAdvantage, and going to [Configuration]. Within the General page, check the box to set it to automatically redirect, and specify the port used.
Obtaining and Installing a Trusted Certificate:
While the above steps will properly encrypt the session, it is not a fully trusted certificate and will present users with a warning when browsing to the site. It is strongly recommended that you obtain a trusted certificate, especially in any of the following cases.
- Credit Card Payments will be accepted
- Web Printing is enabled
- The Site is exposed to the internet
Obtaining and installing the certificate within IIS is beyond the scope of this guide, or Software Shelf International’s support. Below is a list of known websites that sell and even provide instructions for install a certificate.