Configuring the Server for SSL (HTTPS)
  • 09 Jan 2023
  • 3 Minutes to read
  • Dark
    Light

Configuring the Server for SSL (HTTPS)

  • Dark
    Light

Overview

Decisions support using SSL (Secure Sockets Layer) encryption over HTTPS as an additional protection layer. This allows Administrators to further secure a transaction by creating an encrypted link between Decisions and the browser.

The following document demonstrates how to configure a server for SSL encryption in a v8 Installation


IIS Installation 

  1. Install/Import the certificate to the Windows certificate store.
  2. Set up and enable SSL Bindings for HTTPS. Refer to Microsoft's Documentation for reference, Create an SSL Binding.
  3. Open DecisionsServerInstaller.exe via Run as administrator, then click EDIT SETTINGS. 
  4. From the Settings window, adjust the listed Settings as follows, then click Save.


    SettingSuggested Configuration
    EnableHttpsSet to "true"
    HttpsPortSet to "443"
    PortalBaseUrlIf required, change "http://" to "https://"
    EnableHttptoHttpsRedirectionIf required, set to "true"
  5. Back in the Installation Type screen, click RESTART SERVICE. 


Self-Hosted Installation

The following sections demonstrate the two methods by which HTTPS can be enabled in a Self-Hosted environment. 

Physical File Path: During Installation

  1. During installation from the Base Portal URL screen, check the Enable Https box.
  2. Provide the proper Port, Certificate location, and, if required, the Certificate Password.
    HTTPS Redirect 
    If desired, check Enable Http To Https Redirection to redirect all HTTP requests to HTTPS.

  3. Continue the installation process. 

Physical File Path: After Installation

  1. After installation, run DecisionsServerInstaller.exe via Run as administrator
  2. From the Installation Type screen, click EDIT SETTINGS.
  3. From the Settings window, adjust the following settings as shown. Then click Save.
    Alternate Settings Location 
    The following settings can also be adjusted via the Settings.xml file located at C:\Program Files\Decisions\Decisions Server.
    SettingSuggested Configuration
    EnableHttpsSet to True 
    HttpsCertificatePasswordProvide the applicable Password for the Certificate; if there is no Password, leave this blank. 
    HttpsCertificatePath Provide the physical File Path for the certificate. 
    HttpsPortKeep set to 443
    PortalBaseUrlChange "http://" to "https://"

  4. Restart Decisions via the RESTART SERVICE button. 

  5. Navigate to the Portal Base URL


Certificate Store

Users can install Certificates to the Certificate Store and read the respective Certificate Information from it.

Decisions Readable Store
Currently, a Decisions environment can only read Certificates from the LocalMachine > Personal store. 

Opening Certificate Store

The Certificate Store is the location wherein Windows stores its .cert files. By using the Manage computer certificates panel, Administrators can locate, view, Import, and Export digital Certificates for use throughout the Local Machine

  1. From the Local File System, via the Search tool, search for and open Manage computer certificates
  2. From the Folder Tree on the left,  expand the Personal node.
  3. View the respective information to the right of each Certificate in the store. 

Installer

Certificates can be added via the DecisionsServerInstaller.exe from the Portal Base Url screen. This can be applied to a new or pre-existing installation by checking Change Settings on Update before clicking UPDATE. 

  1. From the Portal Base Url screen, check Enable Https
  2. Under Pick Certificate Source, select Certificate Store
  3. If required, adjust the Port value, then select the desired Certificate from the drop-down. 
  4. Proceed with the rest of the installation process. 

Settings.xml

In addition to DecisionsServerInstaller.exe, Certificate Store directions can be defined via the Settings.xml file. 

  1. From the Local File System, navigate to C:\Program Files\Decisions\Decisions Server and open Settings.xml in a Text Editor
  2. Locate the CertificateThumbPrint and HttpsCertificateLocation tags. 
  3. Specify CertificateStore value to the HttpsCertificateLocation node.
  4. Provide the Certificate Thumbprint to its respective space.
  5. Save and close the file. 


Decisions 7 IIS Hosted environments
Decisions support CA (certificate authority) and self-signed SSL certificates installed via IIS.

Self-Signed Certificate Generation Script

By default, Decisions Installations provide a Self-Signed Certificate Generator in the Decisions Server folder.

This Windows PowerShell Script allows the creation of a Certificate that can be used for testing v8 SSL configurations in Self Hosted and IIS environments. 

  1. From the Local File System, navigate to C:\Programs Files\Decisions\Decisions Server.
  2. Locate GenerateCertificate, then run it with PowerShell as an Administrator
  3. From the PowerShell window, type "./GenerateCertificate.ps1". Then, press enter; verify that the script successfully creates a Certificate called "Decisions.cer".

Certification Expiration

If the Certificate for SSL expires, access to the server will not be available until fixed. Fixing this includes getting the new Certificate installed.

If the Certificate Name doesn't change, Recycle IIS. If the Certificate Name changes, then update the SSL Certificate in the Site Bindings to use the new Certificate.


STARTTLS Configuration 

STARTTLS is an email protocol command that uses SSL/TSL to convert an Email Client's connection from an insecure one into a secure one. 

When using STARTTLS with Decisions, users should configure their SMTP Settings as they typically would.

Explicit SSL

By default, Decisions requests that SSL is used explicitly. To enable this:

  1. Open DecisionsServerInstaller.exe; from the Installation Type screen, click EDIT SETTINGS. 
  2. From the Settings window, navigate to expand Mail > SmtpServer.
  3. Under the SmtpServer category, set UseImplicitSSL to False and UseSSL to True
  4. Click Save, then restart Decisions via RESTART SERVICE. 

For further information on Installation, visit the Decisions Forum.

Was this article helpful?