Configuring the Server for SSL (HTTPS)
  • 08 Mar 2022
  • 3 Minutes to read
  • Dark
    Light

Configuring the Server for SSL (HTTPS)

  • Dark
    Light

Overview

As an added layer of protection, Decisions supports the use of SSL (Secure Sockets Layer) encryption over HTTPS. This allows Administrators to further secure a transaction by creating an encrypted link between Decisions and the browser.

The following document demonstrates how to configure a server for SSL encryption in a v8 Installation


IIS Installation 

  1. Setup and enable SSL Bindings for HTTPS. 
  2. Open DecisionsServerInstaller.exe via Run as administrator, then click EDIT SETTINGS. 
  3. In the Settings window, under the Misc category, locate ControlInstanceEndPoints.

    Then, click the ellipses beside its respective value. 
  4. From the EndPointDefinition Collection Editor, select Member 1 and verify that the Port matches the value used for the HttpsEndPointPort (usually 443). Then, click OK. 
  5. While still in the Settings window, adjust the listed Settings as follows, then click Save.
    SettingSuggested Configuration
    EnableHttpsSet to True 
    HttpsCertificatePasswordProvide the applicable Password for the Certificate; if there is no Password, leave this blank. 
    HttpsCertificatePath Provide the physical File Path for the certificate. 
    HttpsPortKeep set to 443
    PortalBaseUrlChange "http://" to "https://"

  6. Back in the Installation Type screen, click RESTART SERVICE. 


Self-Hosted Installation

The following sections demonstrate the two methods by which HTTPS can be enabled in a Self-Hosted environment. 

Physical File Path: During Installation

  1. During installation from the Base Portal URL screen, check the Enable Https box.
  2. Provide the proper Port, Certificate location, and if required, the Certificate Password.
    HTTPS Redirect 
    If desired, check Enable Http To Https Redirection to redirect all HTTP requests to HTTPS.

  3. Continue the installation process. 

Physical File Path: After Installation

  1. After installation, run DecisionsServerInstaller.exe via Run as administrator
  2. From the Installation Type screen, click EDIT SETTINGS.
  3. From the Settings window, adjust the following settings as shown. Then click Save.
    Alternate Settings Location 
    The following settings can also be adjusted via the Settings.xml file located at C:\Program Files\Decisions\Decisions Server.
    SettingSuggested Configuration
    EnableHttpsSet to True 
    HttpsCertificatePasswordProvide the applicable Password for the Certificate; if there is no Password, leave this blank. 
    HttpsCertificatePath Provide the physical File Path for the certificate. 
    HttpsPortKeep set to 443
    PortalBaseUrlChange "http://" to "https://"

  4. Restart Decisions via the RESTART SERVICE button. 

  5. Navigate to the Portal Base URL


Certificate Store

Users can install Certificates to the Certificate Store and read the respective Certificate Information from it.

Decisions Readable Store
Currently, a Decisions environment can only read Certificates from the LocalMachine > Personal store. 

Opening Certificate Store

The Certificate Store is the location wherein Windows stores its .cert files. By using the Manage computer certificates panel, Administrators can locate, view, Import, and Export digital Certificates for use throughout the Local Machine

  1. From the Local File System, via the Search tool, search for and open Manage computer certificates
  2. From the Folder Tree on the left,  expand the Personal node.
  3. View the respective information to the right of each Certificate in the store. 

Installer

Certificates can be added via the DecisionsServerInstaller.exe from the Portal Base Url screen. This can be applied to a new installation or a pre-existing one by checking Change Settings on Update before clicking UPDATE. 

  1. From the Portal Base Url screen, check Enable Https
  2. Under Pick Certificate Source, select Certificate Store
  3. If required, adjust the Port value, then select the desired Certificate from the dropdown. 
  4. Proceed with the rest of the installation process. 

Settings.xml

In addition to DecisionsServerInstaller.exe, Certificate Store directions can be defined via the Settings.xml file. 

  1. From the Local File System, navigate to C:\Program Files\Decisions\Decisions Server and open Settings.xml in a Text Editor
  2. Locate the CertificateThumbPrint and HttpsCertificateLocation tags. 
  3. Specify CertificateStore value to the HttpsCertificateLocation node.
  4. Provide the Certificate Thumbprint to its respective space.
  5. Save and close the file. 


Decisions 7 IIS Hosted environments
Decisions supports CA (certificate authority) and self-signed SSL certificates installed via IIS.

Self-Signed Certificate Generation Script

By default, Decisions Installations provide a Self-Signed Certificate Generator in the Decisions Server folder.

This Windows PowerShell Script allows the ability to create a Certificate that can be used for testing v8 SSL configurations in Self Hosted and IIS environments. 

  1. From the Local File System, navigate to C:\Programs Files\Decisions\Decisions Server.
  2. Locate GenerateCertificate, then run it with PowerShell as an Administrator
  3. From the PowerShell window, type "./GenerateCertificate.ps1". Then, press enter; verify that the script successfully creates a Certificate called "Decisions.cer".

Certification Expiration

If the Certificate for SSL expires, access to the server will not be available until fixed. Fixing this includes getting the new Certificate installed.

If the Certificate Name doesn't change, Recycle IIS. If the Certificate Name does change, then update the SSL Certificate in the Site Bindings to use the new Certificate.


STARTTLS Configuration 

STARTTLS is an email protocol command that uses SSL/TSL as a means of converting an Email Client's connection from an insecure one, into a secure one. 

When using STARTTLS with Decisions, users should configure their SMTP Settings as they typically would.

Explicit SSL

By default, Decisions requests that SSL is used explicitly. To enable this:

  1. Open DecisionsServerInstaller.exe; from the Installation Type screen, click EDIT SETTINGS. 
  2. From the Settings window, navigate to expand Mail > SmtpServer.
  3. Under the SmtpServer category, set UseImplicitSSL to False, and UseSSL to True
  4. Click Save, then restart Decisions via RESTART SERVICE. 

For further information on Installation, visit the Decisions Forum.

Was this article helpful?