Views:

Overview

This document outlines the basic process for setting up a secure MET/TEAM web site using Secure Socket Layer (SSL). This is by no means the only way to accomplish this but it does provide the basic information on what needs to be done.

If your MET/TEAM web site is already configured for SSL and are also a MET/CAL user, please see Using MET/CAL With A Secure MET/TEAM Web Site.

Process

  • Run the MET/TEAM Server installer on the server that is to host the MET/TEAM web site.
  • Once the installation is complete, run Internet Information Services (IIS) Manager and stop the MET/TEAM web site.
  • Obtain a valid SSL certificate from an issuing authority.
  • For testing purposes, you can create your own self-signed SSL certificate using openssl or other tool. Refer to the references section of this document for more information on creating a self-signed SSL certificate.
  • Install the SSL certificate on the MET/TEAM server machine.
    1. Run certmgr.msc
    2. Right-click the Certificates node under Trusted Root Certification Authorities and select All Tasks > Import
    3. Click Next
    4. Locate and select the *.pfx file. Click Next
    5. Enter the password used to create the certificate. Click Next
    6. Click Next
    7. Click Finish
  • Setup the certificate in Internet Information Services (IIS )
    1. Run IIS
    2. Select the root node on the left
    3. Double-click Server Certificates
    4. Click the Import link on the right
    5. Select the *.pfx file
    6. Enter the password used to create the certificate
    7. Click OK
  • Enable SSL for the web site
    1. Run IIS
    2. Select the web site node on the left
    3. Click the Bindings link on the right
    4. Click Add to create a new binding
    5. Select https as the Type, enter a port number and select the certificate to use
    6. Click OK
    7. Click Close
    8. Double-click the SSL Settings icon
    9. Check the Require SSL checkbox
    10. Select the Ignore client certificates option
    11. Click the Apply link on the right
  • Remove the non-secure binding for the web site
    Note: Before removing the non-secure binding, make sure to update the MET/TEAM Server URL in MET/CAL detailed in the previous link
    1. Run IIS
    2. Select the web site node on the left
    3. Click the Bindings link on the right
    4. Select the http binding in the list
    5. Click Remove
    6. Click Close
  • Start the web site

References

http://wiki.openwrt.org/doc/howto/http.mini-httpd

http://slproweb.com/products/Win32OpenSSL.html

http://stackoverflow.com/questions/10175812/how-to-build-a-self-signed-certificate-with-openssl

http://stackoverflow.com/questions/19926385/amazon-ec2-ssl

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html

http://www.robbagby.com/iis/self-signed-certificates-on-iis-7-the-easy-way-and-the-most-effective-way/

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html