Setting up ELMA to work with https

HTTPS (Hypertext Transfer Protocol Secure) – is an extension of HTTP, which supports encryption. The data, transferred with the HTTPS, are encrypted using SSL or TLS, which ensure secure communication. By default, the TCP 443 port is used for HTTPS.

Overview

HTTPS is not an independent protocol. It is HTTP, encrypted with SSL and TLS. It prevents network connection listening attacks (sniffing attacks and man-in-the-middle attacks), if encryption is used, and the server certificate is verified and trusted.

By default, HTTPS URL uses the TCP 443 port (80 for insecure HTTP). To prepare a web server for https connections, a system administrator has to obtain and install a certificate for this web server. A certificate consists of two parts (keys): public and private. The public part of the certificate is used for encrypting the client-to-server traffic in a secure connection; the private part is used for decrypting the encrypted data on the server, received from the client. Once the private and public keys are generated, a request for a certificate to the Certification Authority is generated. In response, the CA returns a signed certificate. When signing, the CA verifies the client, which guarantees that the certificate holder is the right person (usually this is a paid service).

This system can be used to authenticate the client, in order to grant access to the server only to authorized users. For this purpose, the administrator creates certificates for each user and uploads them to the web browser of each user. All the certificates, signed by the organizations, which the server trusts, will also be accepted. Such a certificate usually contains the name and email of an authorized user, which are verified upon each connection, thus authenticating the user without having them enter a password.

More information here: https://en.wikipedia.org/wiki/HTTPS.

This article describes how to set up ELMA to work with HTTPS.

General steps

1. Obtain a certificate.

2. Set up HTTPS binding.

3. Edit the configuration file

4. Set up ELMA Agent.

Obtain a certificate

1. Open the Internet Information Services (IIS) Manager

2. Open the server certificates

3. Click Create Self-Signed Certificate

4. Name the certificate

Now you can start setting up HTTPS.

Binding and setting up HTTPS

1. In the IIS Manager, right-click on your website and select Edit Bindings

2. In the opened dialog box, click Add… and fill in the fields: in the Type field, select https, in the SSL certificate field, select the certificate created earlier.

Host name – contains the name of the host. Specify it, if you need to assign one or several host names (domain names) to one computer, using one IP address. If you specify a host name, then it must be used in order to access the website, instead of an IP address.

If this host is available on the Internet, you must specify the host name in the same way, that users will enter it in the browser. If a host has several domain names, create separate bindings for each host name. If the website is in an internal network, there is no need to specify a host name. However, if the DNS server stores other names for this web server, you can create a separate binding for each host name, so that users could use other names, stored on the DNS server.

Note
You can also set up several bindings. For example, an HTTPS binding for an external website, and an HTTP binding for a local network.

3. Next, configure SSL settings, as shown in this figure:

You can find more information on configuring SSL here.

4. Now you can access your website via this address: https://localhost:443

The HTTPS set up is complete.

5. To make cookie sessions secure, open the configuration file ../<ELMA directory>/Web/Web.config and change <forms name="Elma.V3.Forms.Auth" requireSSL="false" to <forms name="Elma.V3.Forms.Auth" requireSSL="true":

Set up ELMA Agent

1. When starting ELMA Agent, specify the address as https://localhost:443: