...

  1. Identify the Certificate Authority (CA) - If you need to set up Microsoft Certificate Services the following link may:

  2. Install the Certificate - Request and install a certificate for the website under which the application will run. See: How to Get a Certificate from an internal CA

    • The certificate must be created for a website (ex: Default Web Site) not the virtual directory for the web application.

    • A bit length of 2048 or higher.

    • Select SHA256 for your hash algorithm.

    • Set the Subject Alternative Name to the FQDN of the server or a wildcard that includes the server (ex: *.mydomain.gov)

    • Validity period of 389 days or less

    • ExtendedKeyUsage extension containing the id-kp-serverAuth OID

    • See this Microsoft KB article for more information: http://support.microsoft.com/kb/299875

...

Add an https site binding

Info

Skip this if Certify SSL Manager win-acme was used to obtain the certificate as it will already be done.

...

  1. Install the URL Rewrite Module for IIS: http://www.iis.net/downloads/microsoft/url-rewrite (scroll to bottom for installers by language and architecture)

  2. Require SSL must not be checked for Default Web Site or for any application under it (ex: AdamsAdmin, AdamsWeb, AdamsBridge, etc). Check the SSL Settings of each one to confirm that it is not.

  3. IIS Manager must be closed

  4. Add a web.config file to the web server's root directory (ex: c:\inetpub\wwwroot) with the content below, or add only the configuration section if the web.config already exists. The web server's root directory is typically c:\inetpub\wwwroot even if you have installed Adams web applications on another drive such as e:\inetpub\wwwroot.

    web.config

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <!-- Redirect every request that arrives over plain HTTP to the same host and path over HTTPS -->
                    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                            redirectType="Permanent" />
                    </rule>
                </rules>
                <outboundRules>
                    <!-- Send the HSTS header (max-age of one year) only on responses served over HTTPS -->
                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                        <match serverVariable="RESPONSE_Strict_Transport_Security"
                            pattern=".*" />
                        <conditions>
                            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
                        </conditions>
                        <action type="Rewrite" value="max-age=31536000" />
                    </rule>
                </outboundRules>
            </rewrite>
        </system.webServer>
    </configuration>


  5. Open IIS Manager

  6. Open Default Web Site → URL Rewrite

  7. Select the "HTTP to HTTPS redirect" rule and verify it is enabled. If not, click Enable Rule.

Tip

Try to access the website using HTTP. It should succeed and there should be a lock icon because the request was redirected to HTTPS.
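
The following is an added example, not part of the original page or the product's own tooling: a small Python audit of the rewrite section from step 4, covering the points the procedure relies on (the redirect rule is enabled and permanent, and the Strict-Transport-Security rule applies only when {HTTPS} is on). The function names and the deliberately weakened sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's rules with two deliberate mistakes, a
# temporary redirect and an HSTS rule that is not limited to HTTPS responses.
WEAK_CONFIG = """<configuration><system.webServer><rewrite><rules>
  <rule name="HTTP to HTTPS redirect" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="off" ignoreCase="true" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Temporary" />
  </rule></rules><outboundRules>
  <rule name="Add Strict-Transport-Security when HTTPS">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <action type="Rewrite" value="max-age=31536000" />
  </rule></outboundRules></rewrite></system.webServer></configuration>"""

def _rules(root, section):  # enabled rules in a section; 'enabled' defaults to true
    return [r for r in root.findall(f".//rewrite/{section}/rule")
            if r.get("enabled", "true").lower() != "false"]

def _attr(rule, child, name):  # attribute of a rule's child element, '' if absent
    node = rule.find(child)
    return "" if node is None else node.get(name, "")

def _https_is(rule, state):  # True if a {HTTPS} condition matches 'on' or 'off'
    return any(c.get("input") == "{HTTPS}"
               and c.get("pattern", "").strip("^$").lower() == state
               for c in rule.findall("./conditions/add"))

def audit_web_config(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root, findings = ET.fromstring(xml_text), []
    redirects = [r for r in _rules(root, "rules")
                 if _attr(r, "action", "type") == "Redirect" and _https_is(r, "off")
                 and _attr(r, "action", "url").lower().startswith("https://")]
    # An omitted redirectType defaults to Permanent in URL Rewrite.
    if not redirects:
        findings.append("no enabled rule redirects plain-HTTP requests to https://")
    elif any(_attr(r, "action", "redirectType") not in ("", "Permanent") for r in redirects):
        findings.append("HTTP to HTTPS redirect is not Permanent (301)")
    hsts = [r for r in _rules(root, "outboundRules") if _attr(
        r, "match", "serverVariable").upper() == "RESPONSE_STRICT_TRANSPORT_SECURITY"]
    if not hsts:
        findings.append("no enabled outbound rule sets Strict-Transport-Security")
    for r in hsts:
        if not re.search(r"max-age=0*[1-9]", _attr(r, "action", "value"), re.I):
            findings.append("HSTS rule has no positive max-age")
        if not _https_is(r, "on"):
            findings.append("HSTS rule is not limited to {HTTPS}=on responses")
    return findings
```

Pass the text of the server's web.config to audit_web_config; the configuration shown in step 4 produces no findings.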

Require SSL/TLS (deny HTTP)

Require SSL/TLS/HTTPS for all apps.

...