How do I set up a secure connection in an on-premises installation?
On Windows
- Provision your certificate. You will need a PFX. If you only have a CRT file, convert it online.
- Open the certificate management console.
- Navigate to Users\Public and Import the certificate into
Trusted
(“root”) folder. - Open the certificate you just imported and copy the Thumbprint attribute.
- Run the following command as administrator:
netsh http add sslcert ipport=0.0.0.0:443 certhash=my_thumbprint_without_spaces appid={00000000-0000-0000-0000-000000000000}
. Substitutemy_thumbprint_without_spaces
by the thumbprint attribute you copied (without spaces). Modify the port, if needed. If you’re getting error 1312, either try moving the certificate to the personal store, or make sure you’re importing PFX (not CRT or CER). There must be a tiny icon of a key over the icon of the certificate in the store. - For every instance, edit its configuration (Tisane.Runtime.Service.exe.config). Two modifications are needed:
- Under
webHttpBinding
, inside thebinding
tag, add:
<security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType="None" /> </security>
- Inside the
baseAddresses
tag, add:
<add baseAddress="https://localhost:443/" />
- Under
Restart the service.