Configuring SSL (HTTPS)

Overview

The platform supports SSL encryption for secure transactions over HTTPS, configured using the installer.

1. Launch the v7 installer, then click the Edit Settings button. 
2. Navigate to the EndPointDefinition Collection Editor.
3. Ensure the Ports are set to 80 (HTTP) and 443 (HTTPS), the default values set by the installer. 
4. Installing an SSL Certificate is dependent upon the Installer App Hosting option selected. 

• SSL configuration for IIS hosting is the same method used in v6
• SSL configuration for self-hosting is outlined below

Self-Hosted Installation

Physical File Path: During Installation

During the Decisions install users will be asked to configure the base portal URL. At this section check 'Enable Https' and fill out the relevant prompts for the setup.

1. Users need to select Physical File Path at Pick Certificate Source option
2. Specify certificate path
3. Provide certificate password if it requires

Physical File Path: After Installation

1. To configure the SSL install after installation, start by running the DecisionsServerInstaller.exe. 
2. In the Decisions Installer menu, select 'EDIT SETTINGS'
   
   
3. Within this menu there will be three settings that will need to be configured:
   1. EnableHttps (Turns HTTPS capability on)
   2. HttpsCertificatePassword (The optional configured Certificate Password. If there is no password leave it blank)
   3. HttpsCertifcatePath (The File Path to the Certificate)
   4. Https(default can be used)
   5. Set the PortalBaseURL to https://portalURL
      Note

      These settings can also be adjusted in the settings.xml file located in the C:\Program Files\Decisions\Decisions Server instead of the Decisions installer 'Edit Settings'.
4. Once those settings have been configured navigate to the Decisions 7 Portal Base URL.

Certificate Store

Users can install certificates at the certificate store and read the certificate information from it.  Currently, Decisions can read certificates only from LocalMachine > Personal store. Learn how to Retrieve the Thumbprint of a Certificate. 

How To Open Certificate Store

Search for and open Manage Computer Certificates.

1. From the left side tree, expand the Personal node.
2. The Certificate node will get displayed if any certificates are present in it.
3. Select Certificate, Certificates will be viewable on the right side.

Installer

1. Select CertificateStore at the Pick Certificate Source option
2. Select a certificate from the dropdown.

Settings.xml

1. Specify CertificateStore value to the HttpsCertificateLocation node.
2. Provide certificate thumbprint at CertificateThumbPrint.
   

Self-Signed Certificate Generation Script

1. A self-signed certificate generator is located in C:\Programs Files\Decisions\Decisions Server.
   This Windows Power Shell script can be used for testing v7 SSL configurations.
2. To run this script, run the Windows PowerShell program as an Administrator. 
3. Navigate to the Decisions Server folder. 
4. Type ./GenerateCertificate.ps1 in the powershell window.
   The script will create a certificate, called "Decisions.cer," that can be used for testing IIS hosted or self-hosted environments.
   

Certification Expiration

If the certificate for SSL expires access to the server will not be available until fixed. To fix this includes getting the new certificate installed. If the certificate name doesn't change recycle IIS. If the certificate name does change then update the SSL certificate in the site bindings to use the new certificate.

STARTTLS Configuration 

STARTTLS is an email protocol command that uses SSL/TSL as a means of converting an Email Client's connection from insecure, into a secure one. 

When using STARTTLS with Decisions, users should configure their SMTP Settings as they typically would.