11.7. HTTPS

 Overview

HTTPS is a more secure way for a browser (client) and a web server to communicate. This is done by using Secure Sockets Layer (SSL) which is the standard security technology for establishing an encrypted link between a web server and a browser. With this link, users can be sure that the data being sent between web browser and server stays private without the ability of interception by a third party. An SSL certificate is needed by the server to identify it self and send a public key for the browser to use to establish the encrypted link.

 Installing SSL Certificate

For SSL server authentication set up there would have to be requirements, a signed certificate and the private key. The simplest way to install a certificate in a Windows System is to have the required parts within a PKCS #12 archive with the extension ".pfx".

This file would have to be imported through Microsoft Management Console (MMC). The fastest way to open this is to search for "mmc" from the start menu in Windows. More information about how to use this program can be found here: https://msdn.microsoft.com/en-us/library/bb742442.aspx

Next, a certificate snap-in must be added to MMC. This is done by selecting "Add/Remove Snap-in" from the "File" menu bar. From the pop-up dialog select "Certificates" from the Available snap-ins list and click on the "Add" button between the two lists to add it to the selected snap-ins list.

Another dialog window should appear. Make sure "Computer Account" is selected and press the Next button. In this next section, make sure Local Computer is selected and press the Finish button. Then click the "OK" button.

Add the Certificate Snap-in

[Tip] Tip

To have easier access to the Certificate Manager, the console can be saved at this point by selecting "Save" under the File menu. The ".msc" file saved can be used to open up the MMC with the Certificate Manager already loaded as a snap-in.


There should now be a new item in the left panel named "Certificates (Local Computer)". Select this and then right click the "Personal" sub-item under it. Under the selection "All tasks" select the "Import" option to open up the "Certificate Import Wizard".

Proceeding through the import wizard, Select the ".pfx" file mentioned previously and there should also be a prompt for a password because these files are encrypted. Be sure to select the option to use the "Personal" certificate store when prompted. After completion, the certificate should be under the "Personal" certificate store.

Importing the SSL certificate (.pfx)

Verify the newly added certificate by opening it and seeing that all info within it is correct. Be sure to check that it says that there is a private key that corresponds to the certificate at the bottom.

Certificate file that has a private key corresponding to it

 Configuration

In Project Editor, under under the web server configuration, there is an option to enable HTTPS. When enabled, the rest of the HTTPS configuration will appear.

Enabled HTTPS configuration in web server

Enable

To enable or disable HTTPS.

Port

This is the port number that HTTPS is going to use. This should NOT be the same as the web server (HTTP) port. The default HTTPS port number is 443.

SSL Certificate Hash

This is how IntegraXor is going to identify which certificate it is going to use from the Local Computer Personal certificate store. This information can be retrieved by opening the certificate from within the Certificate Manager explained previously. Under the "Details" tab scroll down and look for the field "Thumbprint" and select it. The value should be displayed underneath it.

Retrieve SSL certificate hash/thumbprint value

[Tip] Tip

When setting the value of the SSL Certificate Hash, the value can be copied by selecting all the text in the box and pressing CTRL + C on the keyboard. This can then be directly pasted in Project Editor. Don't worry about the formatting as this would be auto fixed when saved.


[Note] Note

After enabling and configuring HTTPS, disabling the feature would not reset the configuration. So this can be enabled and disabled without reconfiguring the settings.


 Runtime

Successfully starting the server with HTTPS enabled will be shown in the web server task properties. The url property will now start with "https://" and the port number will be the one set in the HTTPS configuration instead. All links to project homepage will use the https url instead.

[Note] Note

When running HTTPS any link to the previous (before enabling HTTPS) URL will redirect to the HTTPS URL instead. This is to ensure that all connections to the web server are secure.