Installing SSL on the FileHold Server for Windows 2008 x64 IIS 7 ...

echinoidqueenΔιακομιστές

4 Δεκ 2013 (πριν από 3 χρόνια και 8 μήνες)

84 εμφανίσεις



I
NSTALLING

YOUR

SSL

C
ERTIF
ICATE

ON

THE

F
ILE
H
OLD

S
ERVER

ON


W
INDOWS

2008

X
64

ON

IIS

7




Copyright

©20
1
1

FileHold

Systems

Inc
.

All

rights

reserved.

For

further

information

about

this

manual

or

other

FileHold

Systems

products,

contact

us

at

Suite

250

-

4664

Lougheed

Highway

Burnaby,

BC,

Canada

V5C5T5,

via

email

sales@filehold.com
,

our

website

www.filehold.com,

or

call

604
-
734
-
5653.

FileHold

is

a

trademark

of

FileHold

Systems.

All

other

products

are

trademarks

or

registered

trademarks

of

their

respective

holders,

all

rights

reserved.

Reference

to

these

products

is

not

intended

to

imply

affiliation

with

or

sponsorship

of

FileHold

Systems.


Proprietary

Notice

This

document

contains

confidential

and

trade

secret

information,

which

is

proprietary

to

FileHold

Systems,

and

is

protected

by

laws

pertaining

to

such

materials.

This

document,

the

information

in

this

document,

and

all

rights

thereto

are

the

sole

and

exclusive

property

of

FileHold

Systems,

are

intended

for

use

by

customers

and

employees

of

FileHold

Systems,

and

are

not

to

be

copied,

used,

or

disclosed

to

anyone,

in

whole

or

in

part,

without

the

express

written

permission

of

FileHold

Systems.

For

authorization

to

copy

this

information,

please

call

FileHold

Systems

Product

Support

at

604
-
734
-
5653

or

email

sales@filehold.com
.


Tabl e of Cont ent s

Fi l eHol d

i


May 2011

TABLE OF CON
T
ENTS

1.

CSR GENERATION: MICR
OSOFT IIS 7.X

................................
................................
................................

2

2.

SSL CERTIFICATE INST
ALLATION: MICROSOFT
IIS 7.X

................................
................................
..........

5

3.

INSTALLING THE ROOT
AND INTERMEDIATE CER
TIFICATES

................................
................................
.

9

4.

SET SITE BINDINGS IN

IIS 7 ON DEFAULT WEB

SITE

FOR THE CERTIFICATE
YOU HAVE INSTALLED F
ROM
YOUR SSL PROVIDER

................................
................................
................................
..............................

13

5.

ENSURE SSL IS REQUIR
ED ON THE FILEHOLD A
PPLICATION

................................
...............................

14

6.

CHANGE WEB CONFIGS W
ITH FHINSTRUMENTATIO
N TOOL

................................
.............................

14

7.

TESTING YOUR SSL CER
TIFICATE

................................
................................
................................
.......

17


Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

2


May 2011

1.

CSR

GENERATION:

MICROSOFT

IIS

7.X

WARNING
:

This

information

is

provided

purely

as

a

guide

and

you

should

always

follow

the

IIS

7

specific

guide

from

your

own

SSL

provider.


1.

Click

Start

and

go

to

Administrative

Tools
.

2.

Start

Internet

Services

Manager
.

3.

Click

Server

Name
.

4.

From

the

center

menu,

double
-
click

Server

Certificates

in the
Security

section.


5.

From the
Actions

menu,

click

Create

Certificate

Request
.

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


3


6.

This

will

open

the

Request

Certificate

wizard.


7.

In

the

Distinguished

Name

Properties

window,

enter

the

information

as

follows:



The

Common

Name

field

should

be

the

Fully

Qualified

Domain

Name

(FQDN)

or

the

web

address

for

which

you

plan

to

use

your

IIS

SSL

Certificate.

You

will

need

to

insure

that

the

common

name

submitted

in

the

CSR

is

the

correct

domain

name

/

FQDN

that

you

intend

to

use

the

certificate

for.

For

wildcard

SSL

certificates

the

common

name

should

contain

at

least

one

asterisks

(*)

e.g.

*.comodo.com,*.instantssl.com,etc

Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

4


May 2011



Enter

Organization

and

Organization

Unit
. T
hese

are

your

company

name

and

department

respectively.



Enter

your

City/locality
,

State/province

and

Country/region
.

8.

Click

Next
.

9.

In

the

Cryptographic

Service

Provider

Properties

window,

leave

both

settings

at

their

defaults

(Microsoft

RSA

SChannel

and

1024)

and

then

c
lick

Next
.


10.

Enter

a

filename

and

location

to

save

your

CSR.

You

will

need

this

CSR

to

enroll

for

your

IIS

SSL

Certificate.


11.

Click

Finish
.

Your

new

CSR

is

now

contained

within

the

file

c:
\
certreq.txt
.

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


5

12.

When

you

make

your

application,

make

sure

you

include

the

CSR

in

its

entirety

into

the

appropriate

section

of

the

enrollment

form

-

including


-----
BEGIN

CERTIFICATE

REQUEST
-----
to
-----
END

CERTIFICATE

REQUEST
-----

13.

Click

Next
.

14.

Confirm

your

details

in

the

enrollment

form

and click
Finish
.

T
O

SAVE

YOUR

PRIVATE

KEY

1.

Go

to

Certificates

snap
-
in

in

the

MMC
.

2.

Select

Requests
.

3.

Select

All

tasks
.

4.

Select

Export
.

2.

SSL

CERTIFICATE

INSTALLATION:

MICROSOFT

IIS

7.X


1.

Click

Start

and s
elect

Administrative

Tools
.

2.

Start

Internet

Services

Manager
.

3.

Click

Server

Name
.

4.

From

the

center

menu,

double
-
click

the

Server

Certificates

button

in

the

Security


section.


5.

From the
Actions

menu,

click

Complete

Certificate

Request

.

Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

6


May 2011


6.

This

will

open

the

Complete

Certificate

Request

wizard.


7.

Enter

the

location

of

your

IIS

SSL

certificate

(you

will

need

to

browse

to

locate

your

IIS

SSL

certificate

this

file

will

be

the

certificate

sent

to

you

in

a

zip

file

and

should

be

named


yourdomainname.crt

).Then

enter

a

F
riendly

name
.

The

friendly

name

is

not

part

of

the

certificate

itself,

but

is

used

by

the

server

administrator

to

easily

distinguish

the

certificate.

C
lick

O
K
.

NOTE
:

There

is

a

known

issue

in

IIS

7

giving

the

following

error


Cannot

find

the

certificate

request

associated

with

this

certificate

file.

A

certificate

request

must

be

completed

on

the

computer

where

it

was

created.

You

may

also

receive

a

message

stating


ASN1

bad

tag

value

met

.

If

this

is

the

same

server

that

you

generated

the

CSR

on

then,

in

most

cases,

the

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


7

certificate

is

actually

installed.

Simply

cancel

the

dialog

and

press

F5

to

refresh

the

list

of

server

certificates.

If

the

new

certificate

is

now

in

the

list,

you

can

continue

with

the

next

step.

If

it

is

not

in

the

list,

you

will

need

to

reissue

your

certificate

using

a

new

CSR

and

replace

this

Certificate.

Please

use

the

instructions

provided

from

your

SSL

provider

for

this

task.

8.

After

the

certificate

has

been

successfully

installed

to

the

server,

you

will

need

to

assign

that

certificate

to

the

appropriate

website

using

IIS.

9.

From

the
Connections

menu

in

the

main

Internet

Information

Services

(IIS)

Manager

window,

select

the

name

of

the

server

to

which

the

certificate

was

installed.

10.

Under
Sites
, select

the

site

to

be

secured

with

SSL
.

11.

From

the
Actions

menu
),

click

on
Bindings
.


12.

This

will

open

the

Site

Bindings

window
.


13.


In

the

Site

Bindings

window
,

click

Add
.
This

will

open

the

Add

Site

Binding

window
.

Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

8


May 2011


14.

Under

Type

, select
https
.

The

IP

address

should

be

the

IP

address

of

the

site

or

All

Unassigned
,

and

the

port

over

which

traffic

will

be

secured

by

SSL

is

usually

443
.

The


SSL

Certificate

field

should

specify

the

certificate

that

was

installed

previously.

15.

Click

OK

.

You

now

have

an

IIS

SSL

server

certificate

installed.


16.

IMPORTANT
!
:

You

must

now

restart

the

IIS

/

the

website

to

complete

the

install

of

the

certificate

17.

Once

you

have

completed

the

above

steps

you

will

need

to

install

the

Root

and

Intermediate

certificates

manually.

For

installation

instructions

on

how

to

manually

install

the

other

Root

and

Intermediate

Certificates

that

are

sent

with

your

web

server

that

you

have

been

sent

PLEASE

read

the

next

page



I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


9

3.

INSTALLING

THE

ROOT

AND
INTERMEDIATE

CERTIFICATES

1.

Please use the SSL certificates you have purchase
d

from your certificate authority that
provides sells SSL certificates.

2.

Save

these

Certificates

to

the

desktop

of

the

web server

machine.


3.

Click

Start
,

select

Run
,

type

mmc

and

click

OK
.


4.

Click

File

and

select

Add/Remove

Snap

in
.


5.

S
elect

Add
.

Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

10


May 2011


6.

Select

Certificates

from

the

Add

Standalone

Snap
-
in

window

and

click

Add
.


7.

Select

Computer

Account

and

click

Next
.

WARNING
:

This

step

is

very

important.

It

must

be

the

computer

account

and

no

other

account
.

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


11


8.

Select

Local

Computer

and

select

Finish
.


9.

Close

the

Add

Standalone

Snap
-
in

window and
click

OK
.

10.

Return

to

the

MMC


TO

INSTALL

THE

YOUR

ROOT

CERTIFICATE

1.

Right

click

the

Trusted Root Certification Authorities
,

select

All Tasks
,

and
select

Import
.


Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

12


May 2011


2.

The
Certificate Import Wizard

opens. Click
Next
.


3.

Locate

the

Root Certificate

and

click

Next
.


I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


13


4.

When

the

wizard

is

completed,

click

Finish
.


TO

INSTALL

THE

INTERMEDIATE

CERTIFICATE
/
CERTIFICATES

1.

Right

click

the

Intermediate Certification Authorities
,

select

All Tasks
,

select

Import
.



2.

Complete

the

Certificate

Import Wizard

again,

but

this

time

locating

the

intermediate

Certificate

when

prompted

for

the

Certificate

file
.


NOTE
: Y
ou

will

need

to

repeat

this

step

for

all

the

intermediate

certificates

that

are

sent

to

you.


3.

Ensure

that

the

Root

certificate

appears

under

Trusted

Root

Certification

Authorities
.

4.

Ensure

that

the

intermediate

certificate

/

certificates

appear

under

Intermediate

Certification

Authorities
.

5.

Once

these

are

installed

you

may

need

to

restart

the

server.

4.

SET

SITE

BINDINGS

IN

IIS

7

ON

DEFAULT

WEB

SITE

FOR

THE

CERTIFICATE

YOU

HAVE

INSTALLED

FROM

YOUR

SSL

PROVIDER

1.

Click

on

Default

Web

Site

in

IIS

7

Administration

application.


Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

14


May 2011

2.

C
lick

B
indings

and

then

edit

the

bindings

as

needed.

You

can

remove

the

port

80

HTTP

binding

if

you

wish.

We

recommend

this.


5.

ENSURE

SSL

IS

REQUIRED

ON

THE

FILEHOLD

APPLICATION


6.

CHANGE

WEB

CONFIGS

WITH

FHINSTRUMENTATION

TOOL

1.

Launch

the

FHInstrumentation

tool

located

at:

Program

Files
\
FileHold

Systems
\
Application

Server
\
FH
\
FileHold
\
FHinstrumentation

2.

Right
-
click

and

R
un

as

Server

or

domain

administrator

account

and

remove

the

check

mark

to

run

with

restricted

permissions.

Do

this

at

all

times

when

running

this

tool.

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


15


3.

Select

C
hange

port,

server

name

or

protocol

wizard

and

c
lick

Start
.


4.

Browse

to

find

the

Application

Server

Folder

and

then

click

Next
.

This

locates

the

config

files

so

the

FHInstrumentation

utility

can

change

them.




5.

Select

Change

Protocol

c
heck

box

and

click

Next
.

Fi l eHol d

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

16


May 2011


6.

The

tool

will

update

all

web.config

files

from

http

to

https

and

will

save

about

15

minutes

of

work
with

Notepad

or

Notepad

++.

7.

Click

Update

to

finish

the

procedure.


8.

The

task

will

finish

successfully

if

the

account

you

are

using

to

run

this

tool

has

the

appropriate

server

administrator

permissions.

I nst al l i ng Your S
SL

Cert i f i cat e
o
n
t
he Fi l e
H
ol d Ser ver

Fi l eHol d

May 2011


17


9.

Click

Finish
.

10.

R
estart

World

Wide

Web

Service

in

Services.msc

control

panel

or

go

to

control

panel

and

select

services

and

restart

it

there.


7.

TESTING

YOUR

SSL

CERTIFICATE

1.

Change

all

Web

Client

short

cuts

to

HTTPS

and

FDA

connection

URL’s

to

HTTPS

and

try

to

login.

2.

Testing

with

Web

Client:



Do

a

test

of

search,

adding

a

document,

checking

out

a

document,

checking

in

a

document,

launching

and

completing

a

workflow

(if

you

use

this

optional

module)
.

3.

Testing

with

Desktop

Client:



Repeat

the

same

test.

Do

a

test

of

search,

adding

a

document,

checking

out

a

document,

checking

in

a

document,

launching

and

completing

a

workflow

(if

you

use

this

optional

module)