Following config files have to be adapted
IIS Configuration
Step | Description | Screenshot |
---|---|---|
Get computer's fully qualified name | In cmd, run hostname: Then, ping this hostname to get the computer's fully qualified name: | |
Install Certificate | In powershell (run as Administrator), run: New-SelfSignedCertificate -DnsName COMPUTER_FULLY_QUALIFIED_NAME -CertStoreLocation cert:\LocalMachine\My -FriendlyName COMPUTER_FULLY_QUALIFIED_NAME -KeyUsage digitalSignature Note that the self-signed certificate must be copied to the trusted root certificates, see next step Note that if the KeyUsage parameter is not set - for example the certificate created via the UI in IIS - there might be problems with some browsers resulting the following error message: ERR_SSL_KEY_USAGE_INCOMPATIBLE | |
Import the self-signed certificate into the trusted | Run mmc, add a snap-in for the certificates of the local computer. Copy the newly created self signed certificate from Certificates (Local Computer) → Personal → Certificates to Trusted Root Certification Authorities using Copy & Paste. | |
Install Certificate | create a self-signed certificate or a prepared certificate | |
Bindings | add binding | |
Require SSL | optionally set Require SSL click Apply to save changes | |
HTTP to HTTPS | Using URL Rewrite Module 2.0 HTTP requests can be redirected to HTTPS. | URL Rewrite (Download) <? xml version = "1.0" encoding = "UTF-8" ?> < configuration > < system .webServer> < rewrite > < rules > < rule name = "HTTPS Redirect" stopProcessing = "true" > < match url = "(.*)" /> < conditions > < add input = "{HTTPS}" pattern = "^OFF$" /> </ conditions > < action type = "Redirect" url = "https://{HTTP_HOST}{REQUEST_URI}" appendQueryString = "false" /> </ rule > </ rules > </ rewrite > </ system .webServer> </ configuration > |
TLS protocol and cipher configuration |
URLACL
Note: Starting from SPX 19.1 replace TISBoard
with SPX-SmartClient-Rep-FC-Board
.
netsh http add urlacl url=https:
//*:443/TISBoard/DispatcherService.svc user="NT AUTHORITY\SYSTEM"
netsh http add urlacl url=https:
//*:443/tisapi user="NT AUTHORITY\SYSTEM"
netsh http add urlacl url=http:
//*:80/TISBoard/DispatcherService.svc user="NT AUTHORITY\SYSTEM"
netsh http add urlacl url=http:
//*:80/tisapi user="NT AUTHORITY\SYSTEM"
TIService (TIS Board)
- replace
bindingConfiguration="TISBoard0Binding"
withbindingConfiguration="TISBoard0SecureBinding"
- set
TISBoard0SoapBinding
security mode toTransport
- replace
http
withhttps
here - for
TisWebApiBaseAddress
additionally replace port 80 with 443
<
services
>
<
service
behaviorConfiguration
=
"TisBoard0Svc"
name
=
"TISBoard0.TISBoard0"
>
<
endpoint
address
=
"soap"
binding
=
"basicHttpBinding"
bindingConfiguration
=
"TISBoard0SoapBinding"
contract
=
"TISBoard0.ITISBoard0"
></
endpoint
>
<!-- up to version 5.11 -->
<
endpoint
address
=
""
binding
=
"webHttpBinding"
bindingConfiguration
=
"TISBoard0SecureBinding"
contract
=
"TISBoard0.ITISBoard0"
behaviorConfiguration
=
"webTisboard0"
></
endpoint
>
<!-- from version 5.12 --->
<
endpoint
address
=
""
binding
=
"customBinding"
bindingConfiguration
=
"TISBoard0SecureBinding"
behaviorConfiguration
=
"zipBehavior"
contract
=
"TIServiceWindowsService.IDispatcherServiceContract"
/>
<
host
>
<
baseAddresses
>
<
add
baseAddress
=
"https://locahost/TISBoard/DispatcherService.svc"
></
add
>
</
baseAddresses
>
</
host
>
</
service
>
</
services
>
<
basicHttpBinding
>
<
binding
name
=
"TISBoard0SoapBinding"
maxBufferPoolSize
=
"2147483647"
maxBufferSize
=
"2147483647"
maxReceivedMessageSize
=
"2147483647"
>
<
readerQuotas
maxDepth
=
"1024"
maxStringContentLength
=
"2147483647"
maxArrayLength
=
"2147483647"
maxBytesPerRead
=
"2147483647"
maxNameTableCharCount
=
"16384"
/>
<
security
mode
=
"Transport"
> </
security
>
</
binding
>
</
basicHttpBinding
>
<
appSettings
>
<!-- absolute path -->
<
add
key
=
"StimulsoftReportViewerUrl"
value
=
"https://MYHOST/DEVEL/TISBoard/Report.aspx"
/>
<!-- preferable relative path -->
<
add
key
=
"StimulsoftReportViewerUrl"
value
=
"/TISBoard/Report.aspx"
/>
<!-- necessary for SPX picker -->
<
add
key
=
"TisWebApiBaseAddress"
value
=
"https://+:443/tisapi/"
/>
<
add
key
=
"TisWebApiDocsBaseAddress"
value
=
"https://localhost/tisapi"
/>
</
appSettings
>
WebApp (TIS Editor)
- for both endpoints add
bindingConfiguration="webSecureBinding"
- replace
http
withhttps
here
<
services
>
<
service
name
=
"WebApp.Svc.TISEditor"
>
<
endpoint
address
=
"https://localhost/XIMES04/TIS/WebApp/Svc/TISEditor.svc"
behaviorConfiguration
=
"TISEditor"
binding
=
"webHttpBinding"
bindingConfiguration
=
"webSecureBinding"
name
=
"HTTP"
contract
=
"WebApp.Svc.TISEditor"
/>
</
service
>
<
service
name
=
"WebApp.DispatcherService"
>
<
endpoint
address
=
"https://localhost/XIMES04/TIS/WebApp/DispatcherService.svc"
behaviorConfiguration
=
"TISEditor"
binding
=
"webHttpBinding"
bindingConfiguration
=
"webSecureBinding"
contract
=
"TISEditorContract.ITISEditorService"
/>
</
service
>
</
services
>