How to configure IIS Certificates on a NuGenesis web server for HTTPS - WKB17988
Article number: 17988
OBJECTIVE or GOAL
Configure a NuGenesis SDMS Web server for HTTPS.
ENVIRONMENT
- NuGenesis 9 SDMS
- NuGenesis 8 SDMS SR2
- Windows Server 2016
- Windows Server 2012
- Windows Server 2008
PROCEDURE
Verify the Server Certificates in IIS:
- Log in to the SDMS Web server and open Control Panel > Administrative Tools > IIS Manager.
- Select the server name in the list.
- Double-click "Server Certificates".
- Verify that at least one valid certificate, issued by the customer's (or a trusted third-party) Certificate Authority (CA) server, is installed in IIS.
- If there are no certificates present in IIS, then one can be created as a self-signed certificate within IIS. This type of certificate is useful mainly for testing because most web browsers categorically warn/block self-signed certificates. Use these steps to create a self-signed certificate:
- Within IIS \ server name \ Server Certificates, click Create Self-Signed Certificate
- Type any arbitrary name for the certificate
- Set the certificate store to Web Hosting
- Click OK
Configure the Default Web Site for HTTPS:
- Select the Default Web Site.
- Click the Bindings link in the Actions pane.
- Verify that there are at least two bindings:
- Type: http Port: 80 IP Address: *
- Type: https Port: 443 IP Address: *
- Select the "https" binding and click Edit.
- Clear the "Host name:" field.
- Select a valid certificate for the SSL Certificate.
- Click OK and Close in the dialog boxes.
- Open "SSL Settings".
- Select the "Require SSL" checkbox.
- Set "Client certificates" to Ignore. Click the Apply button.
ADDITIONAL INFORMATION
This information is applicable only to NuGenesis 8 SR2 and later versions. NG8 FR1 and earlier versions do not support HTTPS.
If the site binding in IIS has HTTPS but no certificate selected, then IE will display an error message when loading any HTTPS links from the server, even the home page (ex: https:// servername/), while HTTP links will work. Internet Explorer will typically display a message about enabling TLS 1.0, 1.1, and 1.2; the issue is more likely to be in the server than in the client settings.
id17988, SDMS, SDMS8, SDMS8NU, SUPISDMS, SUPNG