converting from http to https

Mike_StormsMike_Storms Customer IT Monkey ✭

Hi,

We are wanting to convert from http port 80 to https port 443. We have a certificate. Is there any information on how to best accomplish this in an existing system? I'm sure others have done this what issues did you encounter how were they resolved...Thanks!

Tagged:

Best Answers

  • Tom_HendricksTom_Hendricks Customer Ninja IT Monkey ✭✭✭✭
    Accepted Answer
    Completely agree with @Adam_Dzyacky above.  Use the MMC console for requesting internal certificates from your root CA, following its (hopefully more robust) policies, and I believe you would also add external certificates (if your site is publicly accessible) from there as well.

    While you did not mention this, @Mike_Storms, the first thing I thought of when reading your question was redirection from http to https.

    I am assuming here that you have added a binding to the site in IIS for HTTPS to port 443 (or another, if you choose) and you added your certificate to the binding.  This is essentially what the second page of the Cireson Portal installer does as well.  You could re-run it if you prefer that to the IIS interface.  It can also be done via PowerShell.  The Cireson Portal installer used to eliminate this binding every time it ran, so I had to script this and run it each time we updated.  This script assumes that you installed the cert the way Adam described above.

    I have posted this script in a different comment thread, already.  It also includes the HTTP to HTTPS redirection and setting the session timeout, at the bottom (which you can remove if desired, of course).

Answers

  • Adam_DzyackyAdam_Dzyacky Customer Contributor Monkey ✭✭✭✭✭
    I think the biggest gotcha on the topic of certificates (independent of Cireson) is the SHA1 deprecation by browsers. If I'm not mistaken, if you generate a web cert through IIS (and unless you've configured otherwise) it will by default issue a SHA1 based cert. You can get around this by creating a new template not based on SHA1 on your CA, then requesting a new cert through an MMC snap-in.

    There isn't much in the way of Cireson specific documentation, as the portal sits entirely on IIS which is where this change is made. However it should be as simple as adding a new binding for port 443 on the same web server, providing the cert, and the host name. In order to even select the cert within the IIS binding window, the cert will need to be placed in the Personal store of the Computer account.


  • Tom_HendricksTom_Hendricks Customer Ninja IT Monkey ✭✭✭✭
    Accepted Answer
    Completely agree with @Adam_Dzyacky above.  Use the MMC console for requesting internal certificates from your root CA, following its (hopefully more robust) policies, and I believe you would also add external certificates (if your site is publicly accessible) from there as well.

    While you did not mention this, @Mike_Storms, the first thing I thought of when reading your question was redirection from http to https.

    I am assuming here that you have added a binding to the site in IIS for HTTPS to port 443 (or another, if you choose) and you added your certificate to the binding.  This is essentially what the second page of the Cireson Portal installer does as well.  You could re-run it if you prefer that to the IIS interface.  It can also be done via PowerShell.  The Cireson Portal installer used to eliminate this binding every time it ran, so I had to script this and run it each time we updated.  This script assumes that you installed the cert the way Adam described above.

    I have posted this script in a different comment thread, already.  It also includes the HTTP to HTTPS redirection and setting the session timeout, at the bottom (which you can remove if desired, of course).
  • Mike_StormsMike_Storms Customer IT Monkey ✭
    Thanks sounds like the best way is to reinstall portal only specifying the cert if I understand correctly. 

    What about any hard coded links in notifications I assume they would need changing to point to https.  Is that correct?
  • Mike_StormsMike_Storms Customer IT Monkey ✭
    Thanks for everyone's response our conversion is extremely successful.
Sign In or Register to comment.