HOWTO: Enabling HTTPS support on an IIS web server
ID: ZTN2020
This Zetalink technical note applies to:
- Zetalink version 1.0
- Microsoft Internet Information Services server version 5.0
Summary
This document details step-by-step instructions to configure the Internet Information Services (IIS) server hosting the Zetalink External Website for encrypted traffic, using a Secure Sockets Layer (SSL) server certificate. It assumes that you have followed the steps in the Zetalink Implementation Guide to install the Zetalink External Website components.
More information
Following the instructions below will enable the Zetalink Website to accept HTTPS calls from WAP mobile devices.
Creating the Certificate Request
This step and the next can be skipped if you have already obtained a certificate from a trusted "Certifying Authority" (CA) such as Verisign. If not, follow these steps to acquire one.
NOTE: Zetalink only supports HTTPS with security certificates issued by a trusted root CA. This is due to most WAP gateways not offering a facility to accept security certificate prompts from untrusted sources.
1. Log on to the IIS server and open the Internet Services Manager snap-in.
2. Double click the server name to expose all the websites.
3. Right click the Website hosting the Zetalink virtual directory (this will usually be the Default Web Site) and choose 'Properties'.
4. Go to the 'Directory Security' tab.
5. Click 'Server Certificate' and select 'Next' on the Welcome screen.
6. Choose 'Create a new certificate' and select 'Next'.
7. Select 'Prepare the request now, but send it later' and click 'Next'.
8. Enter the certificate name. The certificate name should match the host and domain being published. This is the name the user will type into their mobile device (e.g. www.domain.com).
9. Select the 'Bit Length' desired (1024 is recommended) and click 'Next'.
10. Enter the 'Organization' and 'Organizational unit' (e.g. company name and department) then click 'Next'.
11. Enter the Site's 'Common Name'. This should be the same as the certificate name in step 8. Click 'Next'.
12. Enter your Geographical Information and click 'Next'.
13. Enter the certificate request file name and path (default is fine). This is the 'Certificate Signing Request' (CSR).
14. Confirm the details you have entered and select 'Next' on the Request File Summary dialog.
15. Select 'Finish' to close the Web Server Certificate Wizard.
16. Then select 'OK' to close the Web Properties.
Submitting the Certificate Request
The process described below may vary between CAs, but at the end of the process you should receive an e-mail from them containing the server certificate.
1. Launch the browser on the IIS server and point it to the certificate server (e.g. http://www.verisign.com), navigate to the Secure Site Services section and select the certificate you wish to purchase.
2. Follow the instructions presented until you reach the 'Submit CSR' page.
3. Paste the contents of the CSR created above (e.g. c:\CERTREQ.TXT if the default was chosen) into the area. Make sure you include the BEGIN and END headers in the request. The content will look similar to this:
-----BEGIN NEW CERTIFICATE REQUEST-----
...
-----END NEW CERTIFICATE REQUEST-----
4. Submit this request and provide the additional contact information that allows the CA to perform checks in order to issue the certificate.
Note: It may take several days for the CA to issue a certificate. It will usually be received by e-mail to the address you provided in the above submission.
5. Once the server certificate is received, save the *.CER to disk and continue below.
Installing the issued certificate
1. Log on to the IIS server and open the Internet Services Manager snap-in.
2. Double click the server name to expose all the websites.
3. Right click the Website you created the certificate request for and choose 'Properties'.
4. Go to the 'Directory Security' tab.
5. Click 'Server Certificate' and select 'Next' to continue.
6. Choose 'Process a pending request and install the certificate' and select 'Next'.
7. Enter the path to the certificate from the CA you saved to disk earlier in step 5 ("Submitting the Certificate Request" section above) and click 'Next'.
8. Verify the information is correct on the 'Certificate Summary' screen and click 'Next'.
9. Click 'Finish' to complete the process.
Setting up the SSL Website
1. Right click the Website you added the certificate to and choose 'Properties'.
2. On the 'Web Site' tab confirm the 'SSL port' is set to 443 (default).
3. Click OK twice to close the Web Properties.
4. If you only want Zetalink to accept SSL connections (only HTTPS not HTTP), right click the Zetalink virtual directory and select 'Properties'.
5. Go to the 'Directory Security' tab and click 'Edit' in the 'Secure communications' section.
6. Check the 'Require secure channel (SSL)' box.
7. Click OK twice to close the Zetalink Properties.
You should now test your certificate by browsing to the Zetalink External Website. Enter the URL as https://www.domain.com/Zetalink/test.htm (where www.domain.com is the name of the certificate), then confirm that the test page is displayed and that the browser padlock reports the bit strength of the CA issued certificate. Make sure the browser is configured to resolve www.domain.com to the externally accessible interface of the IIS server.
If you have required SSL for the Zetalink directory, be sure to inform all Zetalink users to edit their Zetalink bookmark to read 'https://www.domain.com/Zetalink/go.asp'.
Note: Some WAP gateways automatically use the secure channel when communicating with websites that require SSL irrespective of the protocol specified in your bookmark.
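The test step above can also be scripted from a client machine. The following is an added example, not part of the original note or of Zetalink: it checks that the certificate name matches the host, that the chain leads to a trusted root, what key length the certificate carries, and that plain HTTP no longer returns the test page. The function name Test-ZetalinkHttps and its parameters are hypothetical; www.domain.com and /Zetalink/test.htm are the placeholders used in this note.

```powershell
# Added example: Test-ZetalinkHttps is a hypothetical helper, not part of Zetalink or IIS.
function Test-ZetalinkHttps {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # name on the certificate
        [string] $TestPath = '/Zetalink/test.htm',
        [int] $Port = 443
    )

    # Record validation errors instead of aborting, so every finding is reported.
    $script:policy = [System.Net.Security.SslPolicyErrors]::None
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $c, $ch, $errors)
        $script:policy = $errors
        $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Close()
    }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # With 'Require secure channel (SSL)' set, plain HTTP must not return the page.
    $httpStatus = 0   # stays 0 if no HTTP response is received at all
    try {
        $r = Invoke-WebRequest -Uri "http://$HostName$TestPath" -UseBasicParsing
        $httpStatus = [int]$r.StatusCode
    }
    catch {
        if ($_.Exception.Response) { $httpStatus = [int]$_.Exception.Response.StatusCode }
    }

    $flags = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        KeyBits      = if ($rsa) { $rsa.KeySize } else { $null }
        NameMatches  = -not $script:policy.HasFlag($flags::RemoteCertificateNameMismatch)
        ChainTrusted = -not $script:policy.HasFlag($flags::RemoteCertificateChainErrors)
        HttpStatus   = $httpStatus
        HttpRefused  = ($httpStatus -ne 200)
    }
}

Test-ZetalinkHttps -HostName 'www.domain.com'   # placeholder host name from this note
```

Run it from a client that can still negotiate the protocol versions the server offers. KeyBits reflects the bit length chosen in the certificate wizard; current CA baseline requirements call for RSA keys of at least 2048 bits.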
References
ZTN2019-HOWTO Enabling HTTPS support on an ISA server
ZTN2021-HOWTO Configuring Microsoft ISA Server with Zetalink
ZTN2022-HOWTO Configuring Zetalink to only allow HTTPS access
Last updated: 23 November 2001 (GC/DH)