How do I set up a secure connection in an on-premises installation?

On Windows

  1. Provision your certificate. You will need a PFX. If you only have a CRT file, convert it online.
  2. Open the certificate management console.
  3. Navigate to Users\Public and Import the certificate into Trusted (“root”) folder.
  4. Open the certificate you just imported and copy the Thumbprint attribute.
  5. Run the following command as administrator: netsh http add sslcert ipport=0.0.0.0:443 certhash=my_thumbprint_without_spaces appid={00000000-0000-0000-0000-000000000000}. Substitute my_thumbprint_without_spaces by the thumbprint attribute you copied (without spaces). Modify the port, if needed. If you’re getting error 1312, either try moving the certificate to the personal store, or make sure you’re importing PFX (not CRT or CER). There must be a tiny icon of a key over the icon of the certificate in the store.
  6. For every instance, edit its configuration (Tisane.Runtime.Service.exe.config). Two modifications are needed:
    • Under webHttpBinding, inside the binding tag, add:
            <security mode="Transport">
          <transport clientCredentialType="None" proxyCredentialType="None" />
        </security>
    • Inside the baseAddresses tag, add:
    <add baseAddress="https://localhost:443/" />

Restart the service.