HTTPS

Prerequisites

  1. Flow website version 9.7.7.4 or greater

  2. DMan 1.5.24.0 or greater

  3. other readers may have specific version requirements

Configure for HTTPS

In order to use HTTPS there are some configuration steps to be taken.

IIS Setup

Certificate Required

A certificate is required to be installed on the server to enable HTTPS using SSL/TLS. You can generate a self-signed certificate to use on your own internal servers however for public facing sites you need a certificate from signing authority (free and paid options exist). To get started considering your options for a certificate you can refer to some notes we've made for you: SSL/TLS Certificates

Site Bindings

Once you have a certificate installed on your server you need to update your website bindings in IIS.

  • Select the site

  • Click the Bindings... link on the right hand Actions panel

  • Add an HTTPS binding

    • Assign your certificiate

Flow Setup

By default it is setup to support HTTP only. In the Configurations folder of the website (typically C:\inetpub\wwwroot\chameleon\Configurations) you will need to edit or replace the file named: system.serviceModel.services.config

To allow both HTTP and HTTPS use - replace the existing version system.serviceModel.services.config file with the contents of the file named system.serviceModel.servicesHttpBoth.config.

If you do so you should redirect the HTTP requests to HTTPS. See the section below with some info on how to achieve this.

To switch to use only HTTPS - replace the existing http version with the https version. Simply replace the existing system.serviceModel.services.config file with contents of the system.serviceModel.servicesHttps.config file. 

Redirect HTTP to HTTPS

If you have the http binding enabled in IIS and Flow config you can redirect to HTTPS using a preference setting in Flow.

  • HTTPS > Enable redirect from HTTP to HTTPS

    • set to true

  • HTTPS > Strict-Transport-Security Max Age

Web Player Setup

The ports used by the web player need to match the port that has been secured by the certificate on the server so it can also use HTTPS. The recommended port number is 443 (the standard https port).

Note that while the player typically indicates it's url using a localhost url the machine name can also be used in place of localhost if the certificate applies to the machine name as well.

DMan Setup

Update the DMan settings to use the HTTPS address once it's enabled. 

The DMan settings can be accessed via the DMan Data Management icon in the task tray. Click on it to open the popup menu and then select Settings. Replace the old http based address with a new https address for your instance.