HTTPS
Prerequisites
Flow website version 9.7.7.4 or greater
DMan 1.5.24.0 or greater
other readers may have specific version requirements
Configure for HTTPS
In order to use HTTPS there are some configuration steps to be taken.
IIS Setup
Certificate Required
A certificate is required to be installed on the server to enable HTTPS using SSL/TLS. You can generate a self-signed certificate to use on your own internal servers however for public facing sites you need a certificate from signing authority (free and paid options exist). To get started considering your options for a certificate you can refer to some notes we've made for you:Â SSL/TLS Certificates
Site Bindings
Once you have a certificate installed on your server you need to update your website bindings in IIS.
Select the site
Click the Bindings... link on the right hand Actions panel
Add an HTTPS binding
Assign your certificiate
Flow Setup
By default it is setup to support HTTP only. In the Configurations folder of the website (typically C:\inetpub\wwwroot\chameleon\Configurations) you will need to edit or replace the file named: system.serviceModel.services.config
To allow both HTTP and HTTPS use - replace the existing version system.serviceModel.services.config file with the contents of the file named system.serviceModel.servicesHttpBoth.config.
If you do so you should redirect the HTTP requests to HTTPS. See the section below with some info on how to achieve this.
To switch to use only HTTPS - replace the existing http version with the https version. Simply replace the existing system.serviceModel.services.config file with contents of the system.serviceModel.servicesHttps.config file.Â
Redirect HTTP to HTTPS
If you have the http binding enabled in IIS and Flow config you can redirect to HTTPS using a preference setting in Flow.
HTTPS > Enable redirect from HTTP to HTTPS
set to true
HTTPS > Strict-Transport-Security Max Age
Web Player Setup
The ports used by the web player need to match the port that has been secured by the certificate on the server so it can also use HTTPS. The recommended port number is 443 (the standard https port).
Note that while the player typically indicates it's url using a localhost url the machine name can also be used in place of localhost if the certificate applies to the machine name as well.
DMan Setup
Update the DMan settings to use the HTTPS address once it's enabled.Â
The DMan settings can be accessed via the DMan Data Management icon in the task tray. Click on it to open the popup menu and then select Settings. Replace the old http based address with a new https address for your instance.