Overview
Some customers require setting up MET/TEAM as a secure web site, using the HTTPS protocol instead of HTTP. The MET/TEAM Server installer is only capable of setting up a MET/TEAM web site to use the HTTP protocol. However, the web site can be easily converted to a secure web site by following the instructions given in the document Setting up a Secure METTEAM Web Site using SSL.
If the customer is using MET/CAL, a few additional changes need to be made to the MET/TEAM web site configuration settings in order for MET/CAL to be able to successfully connect, retrieve and post information to MET/TEAM.
Note: Initial testing indicates that making the changes outlined below to the MET/TEAM web site configuration settings do not affect using the standard HTTP protocol
Process
- Follow the instructions in the document mentioned above to setup the MET/TEAM web site to use Secure Socket Layer (SSL).
- Once the installation is complete, run Internet Information Services (IIS) Manager and stop the MET/TEAM web site.
- Using Windows Explorer, navigate to the MET/TEAM web site’s root folder (typically C:\inetpub\wwwroot\METTEAM) and open the config file using a text editor.
- Make the following changes to the <system.serviceModel> section of the file:
- In the <system.serviceModel> section, add the <webHttpBinding> section in bold
- Delete or comment out the <client> section
- In the below example "<!--" and "-->" have been added before and after the <client> section to comment it out
- Change the serviceMetadata line to what is noted in bold
<system.serviceModel>
<webHttpBinding>
<binding maxReceivedMessageSize="2147483647">
<security mode="Transport" />
</binding>
</webHttpBinding>
<!—Added to support HTTPS -->
<!--
<client>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://<address>:<port>/RemoteDataService.svc" />
</baseAddresses>
</host>
</client>
-->
<!-- This setting controls the amount of data MET/CAL can transfer in one transaction. -->
<standardEndpoints>
<webHttpEndpoint>
<!-- Removed to support https (need to determine how to support it!) -->
<!-- <standardEndpoint name="" maxReceivedMessageSize="16777216" maxBufferSize="16777216"> -->
</webHttpEndpoint>
</standardEndpoints>
<behaviors>
<serviceBehaviors>
<behavior name="">
<!—Changed to support HTTPS -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
- Save and close the config file.
- Start the web site.
Update the workstation registry if only TLS 1.2 is allowed
- On the METCAL workstation, have IT open Registry Editor
-
Add a registry key to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 named SchUseStrongCrypto with a value of 1
Update the MET/TEAM Server URL in METCAL Runtime
- Open METCAL Runtime
- Click the CONFIGURE tab
- Select Workstation Configuration
- Update the MET/TEAM Server URL field to the new https address you specified earlier