Configure SSL/HTTPS

Table of Contents

Requirements

  • BiG EVAL was completely installed and configured. It is now running on a non-SSL/HTTPS URL.
  • You own a valid SSL-Certificate that was issued for the URL you want BiG EVAL run onto. Please contact your administrator if you need to get such a certificate.
    • The certificate is stored as a PFX-file that includes the private- and the public key.
    • You own the password or any other security credentials to access the PFX-files content.

Instructions

  1. Install the SSL-Certificate in the computers certificate store. To do that, you need to double-click on the PFX-file and choose “Local Machine” as the certificate store.
  2. Open the appsettings.json file of BiG EVAL in your text editor (How to edit appsettings.json).
  3. Replace the actual URL in the configuration-key server -> urls by your HTTPS-URL or add the HTTPS-URL as an additional URL to the existing URL by separating them with a semicolon (;).
  4. Save and close the appsettings.json file.
  5. Register the SSL-URL by following these instructions Register URL.
  6. Associate the SSL-Certificate that is now stored in your certification store with the URL you registered.
    Open a command-line or powershell-window with local administrator permissions and run the following command:
netsh http add sslcert ipport=0.0.0.0:443 certstorename=MY certhash=c20965abecfff0ee2dfb0121ec173db33e371cd1 appid={4084CF5D-09E5-44D4-9A30-D027C8130E7A}

There are several parameters in this command:

ipport=…
Either use the wildcard 0.0.0.0 that binds the SSL certificate to all IP-Addresses of the server, or use the IP-Address of your network-interface, that will listen to the HTTPS-Requests. When using a specific IP-Address you must add a binding for the loopback interface as well. Otherwise some features of BiG EVAL do not work correctly.
Also use the HTTPS-Port-Number you plan to use. Usually this is 443 because this is the default-HTTPS-Port that every browser and firewall is aware about. So we do not recommend to use another HTTPS-Port.

certstorename=MY
The value “MY” points to the local computer certification store.

certhash=…
Every SSL-certificate has a thumbprint that is a HEX-encoded string. You find that thumbprint in the details of your certificate in the certification-store. There is a known issue when copying the thumbprint from there using the clipboard. Copying it adds an invisible character at the end of the string, that cannot easily removed. So we recommend to type the thumbprint manually character by character or use any other source of the thumbprint.

appid=…
This identifies the application that will use the SSL-Binding at the end. It really doesn’t matter what value you provide. So you can use the value in the sample above or use any other unique identifier (GUID). But enter it within brackets.

  1. Restart the BiG EVAL Windows Service (How to restart)
  2. Test the frontend access on the new SSL/HTTPS URL.