To encrypt traffic between the web server and the client browser, as well as to protect privileged passwords while they are in transit, you must configure SSL. Privileged Identity does not come with a pre-installed certificate. Rather, you must obtain a certificate from a public certificate authority, from an internal private certificate authority, or by using a free utility. You can also use a self-signed certificate or create one in IIS.

Create an SSL Certificate

Internet Information Services (IIS) Manager

  1. On the web app host server, open Internet Information Services (IIS) Manager.
  2. From the Connections pane, select your server node.
  3. From the center pane, open Server Certificates.
    • To create a request to an external certificate authority, go to External Certificate Authority.
    • To create a request to an internal certificate authority, go to In-House Certificate Authority.
    • To create a self-signed certificate, go to Self-Signed Certificate.

External Certificate Authority

Create Certificate Request

  1. To create a certificate request to a third-party certificate authority, select Create Certificate Request from the Actions pane.

Request Certificate - Distinguished Name Properties

  1. On the Distinguished Name Properties dialog, enter the Common name (the name of the server as entered in a browser). Fill in all fields, and then click Next.

Request Certificate - Cryptographic Service Provider Properties

  1. Select the appropriate Cryptographic service provider.
  2. Set the Bit length to 2048 bits or higher to maintain compatibility with modern browsers and systems.
  3. Click Next.

Request Certificate - File Name

  1. Enter a name for the certificate request file, and then click Finish.

Complete Certificate Request

  1. You must now send the certificate request file to the certificate authority. Once they have signed your certificate and returned it to you, select Complete Certificate Request from the Actions pane.

Complete Certificate Request - Specify Certificate Authority Response

  1. Browse to the signed certificate file.
  2. In Friendly Name, enter a name for easy identification.
  3. Select Web Hosting as the certificate store, and then click OK.
  4. The certificate is added to the Server Certificates list.

In-House Certificate Authority

  1. To create a certificate request to an in-house certificate authority, select Create Domain Certificate from the Actions pane.

Create Certificate - Distinguished Name Properties

  1. On the Distinguished Name Properties dialog, enter the Common name (the name of the server as entered in a browser). Fill in all fields, and then click Next.

Create Certificate - Online Certification Authority

  1. In Specify Online Certification Authority, enter or search for the path of a certificate authority in your Windows domain.
  2. In Friendly name, enter a name for easy identification.
  3. Click Finish.
  4. The certificate is added to the Server Certificates list.

Self-Signed Certificate

  1. To create a self-signed certificate, select Create Self-Signed Certificate from the Actions pane.

Create Self-Signed Certificate - Specify Friendly Name

  1. Enter a name for easy identification, and then click OK.
  2. The certificate is added to the Server Certificates list.

Configure the Web App to Use Your Certificate

IIS Manager - Site Bindings

  1. On the web app host server, open Internet Information Services (IIS) Manager.
  2. From the Connections pane, expand your server node, and then click Sites.
  3. From the center pane, select the web site that hosts your Privileged Identity web app.
  4. From the Actions pane, select Bindings.

Site Bindings

  1. From the Site Bindings dialog, click Add.

Add Site Binding

  1. From the Type dropdown, select https.
  2. From the IP address dropdown, select an IP or select All Unassigned.
  3. You may leave Port as the default unless your network settings require you to change it.
  4. Enter the Host name for your site.
  5. If you need to include a virtual domain as part of SSL negotiation, you may check Require Server Name Indication.
  6. Select the appropriate certificate from the SSL certificate dropdown.
  7. Click OK.
  8. The HTTPS binding is now added to the web site. Click Close.

IIS Manager - Default Web Site Home

  1. To require the web site to use SSL, select your site node from the Connections pane of the IIS manager.
  2. In the IIS section of the center pane, open SSL Settings.

Require SSL
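
A scripted equivalent of the Add Site Binding and Require SSL steps above, as an added example (not part of the original documentation or the product's own tooling). The site name, host name, port 443, and the thumbprint placeholder are assumptions; run it in an elevated Windows PowerShell session on the web app host. It checks the certificate against the 2048-bit minimum before binding it.

```powershell
# Added example, not vendor-supplied. Requires the IIS WebAdministration module.
Import-Module WebAdministration

# Assumed values; replace with your own.
$siteName   = 'Default Web Site'           # site that hosts the web app
$hostName   = 'pi.example.com'             # name users enter in the browser
$thumbprint = '<CERTIFICATE-THUMBPRINT>'   # placeholder: copy from Server Certificates
$store      = 'WebHosting'                 # store chosen when completing the request
$port       = 443                          # default HTTPS port

$cert = Get-Item "Cert:\LocalMachine\$store\$thumbprint" -ErrorAction Stop

# Refuse certificates that cannot serve TLS safely.
if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key on this server.' }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($rsa -and $rsa.KeySize -lt 2048) { throw "RSA key is only $($rsa.KeySize) bits." }

# Add Site Binding: type https, All Unassigned, host name, SNI required (SslFlags 1).
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port $port -HostHeader $hostName)) {
    New-WebBinding -Name $siteName -Protocol https -IPAddress '*' -Port $port `
        -HostHeader $hostName -SslFlags 1
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port $port -HostHeader $hostName
    $binding.AddSslCertificate($cert.Thumbprint, $store)
}

# SSL Settings: Require SSL. This replaces any existing sslFlags value for the
# site, including client-certificate options.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# Confirm the result.
Get-WebBinding -Name $siteName -Protocol https |
    Select-Object protocol, bindingInformation, sslFlags
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'
```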
