Setting Up SSL for the Web Interface
SSL on Windows (IIS)
Configuring SSL Certificate
Open the IIS (Internet Information Services) Manager.
Select the Web Server node in the left sidebar, under Start Page, and double-click Server Certificates in the middle pane.
In the Actions pane, select an action to import an existing .pfx SSL certificate or to create a self-signed certificate. If your certificate is in a format other than .pfx, see the documentation or tools provided by your certificate authority to convert certificates to .pfx format.
Select your website under Sites in the left sidebar (usually Default Web Site), and then click Bindings… in the Actions pane on the right.
In the Site Bindings dialog box, click Add, select https on the Type menu, and then select the certificate you added in step 3 from the SSL certificate list. Click OK.
Redirecting HTTP Traffic to HTTPS
Navigate to URL Rewrite rules and locate the grayed-out HTTP -> HTTPS redirect rule.
Ensure it's positioned at the top of the list, select it, and click Enable under Actions on the right side.
Restart the web server. This will automatically redirect all HTTP queries to HTTPS.
Using the IIS Manager
With Default Web Site selected in the left sidebar, double-click URL Rewrite in the middle pane.
If there’s already an HTTP to HTTPS redirect rule at the top of the list, no further action is needed.
To add a new rule:
Click Add Rules in the Actions pane on the right, then click OK to create an empty inbound rule.
In the Name field, enter HTTP to HTTPS redirect.
In the Pattern field, enter
(.*)
Under conditions, click Add and enter the required condition:
In the Actions pane at the bottom, select Redirect from the Action type drop-down list, set the redirect URL to
https://{HTTP_HOST}/{R:1}
and the redirect type to Permanent (301).
Click Apply in the Actions pane on the left, and then click Back to rules.
Move the new HTTP to HTTPS redirect rule to the top of the list using the Move Up button in the Actions pane on the right.
SSL on Linux (Apache)
By default, the Web Interface uses an unencrypted http connection on port 80. To use it with https on port 443, follow these steps.
Ensure that mod_ssl for Apache is installed:
yum install mod_ssl
If you have existing SSL key files:
place the .key file in /etc/pki/tls/private/
and the .crt and .csr files in /etc/pki/tls/certs/.
If you need new SSL keys, generate a keypair:
openssl req -new -nodes -keyout mmweb.key -out mmweb.csr -newkey rsa:4096
Create a self-signed certificate:
openssl x509 -req -days 365 -in mmweb.csr -signkey mmweb.key -out mmweb.crt
Move the files to the appropriate directories:
cp mmweb.key /etc/pki/tls/private/
cp mmweb.c* /etc/pki/tls/certs/
Once the keyfiles are placed in their respective directories, edit the mmweb.conf file in the Apache configuration directory (default /etc/httpd/conf, or use find /etc/ -name "mmweb.conf" to locate the file) with the following changes:
change
<VirtualHost *:80>
to
<VirtualHost *:443>
add in the references to the key files (amend the path as necessary):
SSLCertificateFile /etc/pki/tls/certs/mmweb.crt
SSLCertificateKeyFile /etc/pki/tls/private/mmweb.key
enable SSL:
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
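The SSLProtocol line above still leaves TLSv1 and TLSv1.1 enabled on builds that support them, and 3DES in the cipher string adds 64-bit block ciphers. The following added example (not part of the original documentation or the vendor's tooling) checks a vhost file for both. The function names directive_args, audit_ssl_conf and demo, and the list of legacy cipher tokens, are this example's own assumptions.

```shell
# Added example (not vendor code): flag weak TLS settings in an Apache vhost file.

# Print the arguments of the last uncommented occurrence of directive $1 in file $2.
directive_args() {
    awk -v d="$1" 'tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$2"
}

# Print one finding per line; exit status is 0 only when nothing was flagged.
audit_ssl_conf() {
    conf=$1; findings=0
    report() { findings=$((findings + 1)); printf '%s\n' "$1"; }

    engine=$(directive_args SSLEngine "$conf" | tr 'A-Z' 'a-z')
    [ "$engine" = on ] || report "SSLEngine is not on"

    # "all" enables TLSv1 and TLSv1.1 too unless they are removed explicitly.
    tls10=0; tls11=0
    for tok in $(directive_args SSLProtocol "$conf" | tr 'A-Z' 'a-z'); do
        case $tok in
            all|+all)         tls10=1; tls11=1 ;;
            tlsv1|+tlsv1)     tls10=1 ;;
            -tlsv1)           tls10=0 ;;
            tlsv1.1|+tlsv1.1) tls11=1 ;;
            -tlsv1.1)         tls11=0 ;;
        esac
    done
    [ "$tls10" -eq 0 ] || report "SSLProtocol leaves TLSv1 enabled"
    [ "$tls11" -eq 0 ] || report "SSLProtocol leaves TLSv1.1 enabled"

    # Tokens starting with ! or - remove suites; the legacy list is this example's choice.
    for tok in $(directive_args SSLCipherSuite "$conf" | tr ':' ' '); do
        case $tok in
            '!'*|-*) ;;
            3DES|+3DES|DES|+DES|RC4|+RC4|LOW|EXPORT|NULL|eNULL|aNULL)
                report "SSLCipherSuite adds legacy ciphers: $tok" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Demo on a scratch copy of the directives shown on this page.
demo() {
    tmp=$(mktemp); rc=0
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3' \
        'SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA' > "$tmp"
    audit_ssl_conf "$tmp" || rc=$?
    rm -f "$tmp"; return "$rc"
}
```

Run audit_ssl_conf against the edited mmweb.conf; a non-zero exit status means at least one finding was printed.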
Note
The default Apache installation may already have a <VirtualHost _default_:443> directive, which may conflict with the mmweb.conf file.
Comment out this existing VirtualHost block to avoid errors.
To verify the Web Interface is accessible, navigate to https://web-application.domain.tld. The Micetro Web Interface login should be displayed.