SSL stand for Secure Sockets Layer. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browsers URL and possibly a green address bar if secured by EV Certificate.
Under normal circumstances, the customer, or re-seller should have already installed the certificate in IIS.
Square 9 Support Engineers may perform this at their manager's discretion, but under normal circumstances, installing the cert should be the burden of either the Reseller or local IT.
Adding SSL Certificate
In the event the client needs guidance on how to install an SSL Certificate, follow these instructions:
- Go into IIS (inetserv if launching from ‘run’)
- Select your Server name
- Click on ‘Server Certificates’
- Create a new Self-Signed Certificate and click OK
- Set and click OK
- Export the Self Signed Certificate (Optional, based on setup)
Please note: Errors installing the SSL Cert fall outside the purview and expertise of Square 9 Support and should be directed at local IT or at a Windows Technician
Adding and Removing Bindings from IIS
Bindings determine what port(s) users can access the website through. Since SSL/https runs on a different port than http, we're going to have to specify what port we're listening on for the external traffic.
- Right-click on your default website, or wherever SmartSearch is installed to
- Select ‘Edit bindings’
- Click ‘Add’
- Select Type: Https, SSL Certificate:, and the click OK
- (Optional) If your client wants to completely disable authentication over http (locally) remove http bindings (usually port 80). If client wants to let users authenticate from within the domain, you can keep your http bindings without issue.
- click on your Default Website in IIS again
- Select ‘SSL Settings’
- Click on Require SSL to enable it, and the select ‘Ignore’ for client certification
- Apply the changes
At this point, IIS should be correctly configured for SSL. The remaining portions of the configuration will have to do with modifying configuration files to use the new address and port.
Web.config SSL Configuration Changes
- Un-comment the section below (if you are unable to find these lines, you can do a ctrl+f to find it):
In versions prior to 4.2, you will also need to uncomment this section:
Please Note: In Version 4.2 and below, you will need to change clientCredentialType to “InheritFromHost“.
Change this line:
http://localhost/getsmart/folders.asmx To: https://localhost/getsmart/folders.asmx
Address Changes Across All Configuration Files
- Change all of the Program Configuration files to use ‘https’ instead of ‘http‘ and change the IP, or server name to the FQDN (Fully Qualified Domain Name. ex Fullyqualified.domain.name.com) This includes switching any references to 'Localhost' in the config files to use the FQDN.
- Configuration Files to Change:
- All Configuration files in your Server Getsmart directory, including your RestProxy.xml file
- All Configuration files in your Client Install Directory, including your RestProxy.xml file
- All Configuration files in your inetpub\wwwroot\getsmart\upgrades directory, including your RestProxy.xml file
- Your Engine configuration file in Capture Services\GlobalCapture_#\ Directory (4.4+)
- The web configs located in the following virtual directories:
- Square9CaptureAPI (4.4+)
- Here is a URL to test your configuration
If you are prompted to log in after this is done, you have correctly configured your SSL address for external use.