Applies from Application Suite 2014.3.1
- Application Suite version 2014.3 or higher
- Windows Server 2008 or higher
This article describes how to install a custom certificate on the Application Suite server so that HTTPS can be used for the web portal, the XML Services, the ECC-Curri web service and other services hosted by IIS.
To enable HTTPS for the IAS services provided through IIS, there are three solutions:
- Use a self-signed certificate. This solution has no cost, but the certificate must be manually added to the trusted certificates of each client (for some use cases, the PBX is an HTTPS client)
- Use a certificate issued by the Domain Controller. This is also free, but the certificate will be valid within the domain only
- Use a certificate issued by a well-known Certificate Authority. This may have an additional cost for the customer
When a certificate which has a CN matching the IAS server FQDN is available, you must load it to the IAS web server.
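How a client judges each of the three options can be checked from any machine that has to reach the IAS over HTTPS. The PowerShell function below is an added example, not Imagicle code; the function name, its parameters and the property names in its output are hypothetical, and it assumes the server accepts the TLS versions that the client's .NET runtime offers by default.

```powershell
# Added example (not Imagicle code): report how THIS client judges the
# certificate served by IIS on the IAS. Function name is hypothetical.
function Test-IasServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$IasFqdn,  # name the clients use
        [int]$Port = 443
    )

    $script:IasPolicyErrors = [System.Net.Security.SslPolicyErrors]::None
    # Diagnostic only: record the verdict and let the handshake finish so the
    # certificate can be read even when this client would normally refuse it.
    # No application data is sent on this connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $script:IasPolicyErrors = $sslPolicyErrors
        return $true
    }

    $nameFlag  = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    $chainFlag = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($IasFqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($IasFqdn)   # certificate name is checked against $IasFqdn
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $errors = [int]$script:IasPolicyErrors

        New-Object PSObject -Property @{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NameMismatch = (($errors -band $nameFlag) -ne 0)   # CN does not match $IasFqdn
            Untrusted    = (($errors -band $chainFlag) -ne 0)  # issuer not trusted by this client
        }
    }
    finally {
        $client.Close()
    }
}
```

Run it as `Test-IasServerCertificate -IasFqdn myias.mydomain.com` on a client machine. `Untrusted` stays true for a self-signed certificate until it is added to that client's trusted certificates, and for a Domain Controller certificate on machines outside the domain.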
How to use the AppSuite self-signed certificate
You can use the self-signed certificate that was generated and installed on IIS during IAS installation.
However, this certificate must be modified to match the current machine's Fully Qualified Domain Name.
Open "Internet Information Services (IIS) Manager" and select the main node in the left panel. Click on "Server Certificates", then double-click the certificate issued to "ImagicleApplicationSuite". In the "Details" tab, select the "Authority Key Identifier" field and look for the "CN=" string in the Value.
If the CN does not match the machine FQDN (it must match the exact FQDN entered in ECC configuration), please proceed as follows:
a. Remove the certificate
b. Remove the https binding on port 443
In the left panel of "Internet Information Services (IIS) Manager", select "Default Web Site". Then, in the right panel, click on "Bindings...". In the left panel, select the row for protocol "https" on port "443" and click Remove.
c. Modify the files <StonevoiceAS>\System\SSL\ImagicleSSLCert.ps1 and ImagicleUdsProxyCert.ps1, editing line 15:
From: $CertificateName = "ImagicleApplicationSuite";
To: $CertificateName = $env:computername;
d. Run the following batch file with administrative permissions:
Now the certificate looks like this (in the example, the FQDN is "MYIAS"):
How to use a certificate issued by the Domain Controller
If the IAS server belongs to an Active Directory domain, you can request a new web server certificate.
Log in to the Imagicle Application Server as an administrator with permission to Enroll for a Web Server Certificate (e.g. a Domain Administrator).
- Click the Start button, then Run, type cmd.exe, right-click Command Prompt and click Run as administrator.
- In the Command prompt shell, type mmc.exe.
- Open the File menu and select Add/Remove snap-in.
- In the Add or Remove Snap-ins window, select Certificates, and click Add.
- Choose Computer Account, and click Next.
- Choose Local Computer, and then Finish.
- Click OK on the Add or Remove Snap-ins window.
- Expand Certificates.
- Expand Trusted Root Certification Authorities and click Certificates. Make sure the root certificate is present for the Enterprise Certificate Authority in the domain.
- Right-click Personal and select All Tasks, then Request New Certificate.
- Click Next.
- If prompted to select a Certificate Enrollment Policy, select one under the category of Configured by your administrator. Click Next.
- Select Web Server (if Web Server is unavailable, see the WebServer certificate section), and click the link "More information is required to enroll for this certificate. Click here to configure settings."
- Click the Subject tab:
- Under the Subject Name section, change the Type to Common Name, and change the Value to the Fully Qualified Domain Name of the server hosting the Imagicle Application Suite (e.g. myias.mydomain.com).
- Click Add.
- (optional) Click the General tab and type a Friendly Name
- Click Apply, and OK.
- On the Certificate Enrollment window, click Enroll.
- Verify that the STATUS is Succeeded, and click Finish.
If there is no available WebServer certificate, you have to create it.
- On the CA computer (the DC), click Start, type certtmpl.msc, and then press ENTER.
- In the contents pane, right-click the Web Server template, and then click Properties.
- Click the Security tab, and then click Add.
- Click Object Types.
- Tick the Computers checkbox.
- In Enter the object names to select, type the name of Imagicle Application Suite Server, and then click OK.
- In Permissions, click Enroll under Allow, and then click OK.
How to use a certificate issued by a well-known Certificate Authority
- Ensure you already have a valid certificate (with private key) in a .pfx file format
- Access the Imagicle Server and launch IIS Manager
- Select the computer in the left tree view and double-click on "Server Certificates"
- Click on the Import command in the right actions panel
- Select the certificate pfx file
- Insert the relevant password
- Tick the option "Allow this certificate to be exported" and press OK
- Click on "Default Web Site" in the left tree view
- Click on the "Bindings..." command in the right actions panel
- Click on https and press the Edit button
- Under the "SSL Certificate" drop-down menu, choose the new certificate and press OK
- Close IIS Manager
Configure IIS to use the certificate
When a certificate which has a CN matching the IAS server FQDN is available, you must load it to the IIS web server.
In the left panel of "Internet Information Services (IIS) Manager", select "Default Web Site". Then, in the right panel, click on "Bindings...":
In the left panel, select the row for protocol "https" on port "443" and click Edit:
In the "SSL certificate" dropdown, choose the certificate with the IAS Server FQDN:
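After the binding is saved, the result can be verified on the server itself. The PowerShell function below is an added example, not Imagicle code; the function name, its parameters and the property names in its output are hypothetical, and it assumes the WebAdministration module that ships with the IIS management tools is available.

```powershell
# Added example (not Imagicle code); run in an elevated PowerShell on the IAS.
# Assumes the WebAdministration module that ships with the IIS management tools.
Import-Module WebAdministration

function Get-IasHttpsBindingReport {
    param(
        # Hypothetical parameter: the exact FQDN entered in the ECC configuration.
        [Parameter(Mandatory = $true)][string]$ExpectedFqdn,
        [string]$SiteName = 'Default Web Site'
    )

    $simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $bindings = @(Get-WebBinding -Name $SiteName -Protocol https |
        Where-Object { $_.bindingInformation -like '*:443:*' })
    if ($bindings.Count -eq 0) {
        Write-Warning "No https binding on port 443 for '$SiteName'"
        return
    }

    foreach ($binding in $bindings) {
        $hash = $binding.certificateHash
        $cert = $null
        if ($hash) {
            # Look the bound thumbprint up in the machine store named by the binding.
            $path = "Cert:\LocalMachine\$($binding.certificateStoreName)\$hash"
            $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        }
        if (-not $cert) {
            Write-Warning "Binding $($binding.bindingInformation) has no usable certificate"
            continue
        }
        $cn = $cert.GetNameInfo($simpleName, $false)   # subject CN (simple name)
        New-Object PSObject -Property @{
            Binding       = $binding.bindingInformation
            Thumbprint    = $cert.Thumbprint
            CommonName    = $cn
            CnMatchesFqdn = ($cn -eq $ExpectedFqdn)    # -eq ignores case
            HasPrivateKey = $cert.HasPrivateKey        # IIS cannot serve it without one
            Expired       = ($cert.NotAfter -lt (Get-Date))
        }
    }
}
```

Call it as `Get-IasHttpsBindingReport -ExpectedFqdn myias.mydomain.com`; a correct setup shows `CnMatchesFqdn` and `HasPrivateKey` as True and `Expired` as False.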