Following config files have to be adapted

IIS Configuration

Step

Description

Screenshot

Get computer's fully qualified name


In cmd, run hostname:

Then, ping this hostname to get the computer's fully qualified name:

Install Certificate


In powershell (run as Administrator), run:

New-SelfSignedCertificate -DnsName COMPUTER_FULLY_QUALIFIED_NAME -CertStoreLocation cert:\LocalMachine\My -FriendlyName COMPUTER_FULLY_QUALIFIED_NAME -KeyUsage digitalSignature

(warning) Note that the self-signed certificate must be copied to the trusted root certificates, see next step

(warning) Note that if the KeyUsage parameter is not set - for example the certificate created via the UI in IIS - there might be problems with some browsers resulting the following error message: ERR_SSL_KEY_USAGE_INCOMPATIBLE 

Import the self-signed certificate into the trusted 


Run mmc, add a snap-in for the certificates of the local computer. 


Copy the newly created self signed certificate from Certificates (Local Computer) → Personal → Certificates to Trusted Root Certification Authorities using Copy & Paste.

Install Certificate

create a self-signed certificate or a prepared certificate

Bindings

add binding https referring the installed certificate

Require SSL

optionally set Require SSL

click Apply to save changes

HTTP to HTTPS

Using URL Rewrite Module 2.0 HTTP requests can be redirected to HTTPS.

URL Rewrite (Download)
Redirect from HTTP to HTTPS using the IIS URL Rewrite module

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTPS Redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

TLS protocol and cipher configuration

https://www.nartac.com/Products/IISCrypto/


URLACL

Note: (warning) Starting from SPX 19.1 replace TISBoard with SPX-SmartClient-Rep-FC-Board.

cmd
netsh http add urlacl url=https://*:443/TISBoard/DispatcherService.svc user="NT AUTHORITY\SYSTEM"
netsh http add urlacl url=https://*:443/tisapi user="NT AUTHORITY\SYSTEM"
 
 
netsh http add urlacl url=http://*:80/TISBoard/DispatcherService.svc user="NT AUTHORITY\SYSTEM"
netsh http add urlacl url=http://*:80/tisapi user="NT AUTHORITY\SYSTEM"




TIService (TIS Board)

  1. replace bindingConfiguration="TISBoard0Binding" with bindingConfiguration="TISBoard0SecureBinding"
  2. set TISBoard0SoapBinding security mode to Transport
  3. replace http with https here
  4. for TisWebApiBaseAddress additionally replace port 80 with 443


TIServiceWindowsService.exe.config
<services>
<service behaviorConfiguration="TisBoard0Svc" name="TISBoard0.TISBoard0">
<endpoint address="soap" binding="basicHttpBinding" bindingConfiguration="TISBoard0SoapBinding" contract="TISBoard0.ITISBoard0"></endpoint>
 
 
<!-- up to version 5.11 -->
<endpoint address="" binding="webHttpBinding" bindingConfiguration="TISBoard0SecureBinding" contract="TISBoard0.ITISBoard0" behaviorConfiguration="webTisboard0"></endpoint>
 
 
<!-- from version 5.12 --->
<endpoint address="" binding="customBinding" bindingConfiguration="TISBoard0SecureBinding" behaviorConfiguration="zipBehavior" contract="TIServiceWindowsService.IDispatcherServiceContract" />
 
<host>
<baseAddresses>
<add baseAddress="https://locahost/TISBoard/DispatcherService.svc"></add>
</baseAddresses>
</host>
</service>
</services>
 
<basicHttpBinding>
<binding name="TISBoard0SoapBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="1024" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="16384"/>
<security mode="Transport"> </security>
</binding>
</basicHttpBinding>
 
 
 
 
<appSettings>
<!-- absolute path -->
<add key="StimulsoftReportViewerUrl" value="https://MYHOST/DEVEL/TISBoard/Report.aspx" />
 
<!-- preferable relative path -->
<add key="StimulsoftReportViewerUrl" value="/TISBoard/Report.aspx" />
 
 
<!-- necessary for SPX picker -->
<add key="TisWebApiBaseAddress" value="https://+:443/tisapi/" />
<add key="TisWebApiDocsBaseAddress" value="https://localhost/tisapi" />
 
 
</appSettings>

WebApp (TIS Editor)

  1. for both endpoints add bindingConfiguration="webSecureBinding" 
  2. replace http with https here


web.config
<services>
<service name="WebApp.Svc.TISEditor">
    <endpoint address="https://localhost/XIMES04/TIS/WebApp/Svc/TISEditor.svc" behaviorConfiguration="TISEditor" binding="webHttpBinding" bindingConfiguration="webSecureBinding" name="HTTP" contract="WebApp.Svc.TISEditor" />
</service>
  <service name="WebApp.DispatcherService">
   <endpoint address="https://localhost/XIMES04/TIS/WebApp/DispatcherService.svc" behaviorConfiguration="TISEditor" binding="webHttpBinding" bindingConfiguration="webSecureBinding" contract="TISEditorContract.ITISEditorService" />
  </service>                                                   
</services>