...
Identify the Certificate Authority (CA) - If you need to setup Microsoft Certificate Services the following link may:
Install the Certificate - Request and install a certificate for the website under which the application will run. See: How to Get a Certificate from an internal CA
The certificate must be created for a website (ex: Default Web Site) not the virtual directory for the web application.
A bit length of 2048 or higher.
Select SHA256 for your hash algorithm.
Set the Subject Alternative Name to the FQDN of the server or to a wildcard that includes the server (ex: *.mydomain.gov)
Validity period of 389 days or less
ExtendedKeyUsage extension containing the id-kp-serverAuth OID
See this Microsoft KB article for more information: http://support.microsoft.com/kb/299875
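The following PowerShell check is an added example, not part of the original page. It audits every certificate in the local machine's Personal store against the requirements listed above. The `$ServerFqdn` value is a constructed placeholder, and the SAN parsing assumes an English-language Windows install.

```powershell
# Added example, not from the original page. Run on the IIS server.
# Assumption: replace this constructed placeholder with the server's real FQDN.
$ServerFqdn    = 'server01.mydomain.gov'

$MaxDays       = 389                  # validity limit stated on this page
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'  # id-kp-serverAuth
$SanOid        = '2.5.29.17'          # subjectAltName extension

function Test-SanMatch([string]$Name, [string]$Fqdn) {
    if ($Name -ieq $Fqdn) { return $true }
    # A wildcard covers exactly one left-most label: *.mydomain.gov matches
    # server01.mydomain.gov but not a.b.mydomain.gov or mydomain.gov itself.
    if ($Name.StartsWith('*.') -and $Fqdn.Contains('.')) {
        return ($Name.Substring(2) -ieq $Fqdn.Substring($Fqdn.IndexOf('.') + 1))
    }
    return $false
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Returns $null for non-RSA keys, which then fail the key-size check.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # Assumption: English-language Windows formats SAN entries as "DNS Name=<host>".
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $sans = @()
    if ($sanExt) {
        $sans = [regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }

    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        KeyOk      = ($null -ne $rsa -and $rsa.KeySize -ge 2048)
        HashOk     = ($cert.SignatureAlgorithm.FriendlyName -match 'sha256')
        SanOk      = [bool]($sans | Where-Object { Test-SanMatch $_ $ServerFqdn })
        ValidityOk = (($cert.NotAfter - $cert.NotBefore).TotalDays -le $MaxDays)
        EkuOk      = ($ekus -contains $ServerAuthOid)
    }
} | Format-Table -AutoSize
```

A certificate is suitable for the https binding only when every column in its row reads True.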
...
Add an https site binding
Info |
---|
Skip this if Certify SSL Manager or win-acme was used to obtain the certificate, as it will already be done. |
...
Install the URL Rewrite Module for IIS: http://www.iis.net/downloads/microsoft/url-rewrite (scroll to bottom for installers by language and architecture)
Require SSL must not be checked for either Default Web Site or for any application (ex: AdamsAdmin, AdamsWeb, AdamsBridge, etc) under that. You can check the SSL Settings for each to see that it isn’t.
IIS Manager must be closed
Add a web.config file to the web server's root directory (ex: c:\inetpub\wwwroot) with the content below, or add only the configuration section if a web.config already exists. The web server's root directory is typically c:\inetpub\wwwroot even if you have installed Adams web applications on another drive such as e:\inetpub\wwwroot.
web.config
```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
      <outboundRules>
        <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```
Open IIS Manager
Open Default Web Site → URL Rewrite
Select the "HTTP to HTTPS redirect" rule and verify it is enabled. If not, click Enable Rule.
Tip |
---|
Try to access the website using HTTP. It should succeed and there should be a lock icon because the request was redirected to HTTPS. |
Require SSL/TLS (deny HTTP)
Require SSL/TLS/HTTPS for all apps.
...