Enabling HTTPS (SSL) on your Intranet

Introduction

This article details how to install SSL Certificates for various purposes. 

SSL is a protocol which secures network communication. Part of this protocol is using certificates to establish a trust relationship between two systems. There are multiple places where you may need to install a certificate to establish a trust relationship:

  1. Intranet Connections calls itself to run the scheduled tasks. If your intranet is set to only allow https:// access, you will need to install your site's certificate.
  2. You can optionally choose to connect to your Active Directory server using LDAPS. To enable this connection, you will need to install your Active Directory's certificate.
  3. You are connecting to an Exchange Server using HTTPS to pull a shared calendar. To enable this connection, you will need to install your Exchange Server's certificate.

The following instructions apply to Railo 3.3.2 and higher as well as Lucee 4.5 and higher.

Step 1: Install SSL Certificate in IIS

Install the certificate into IIS. You will first need to download your SSL certificate.

Download the Certificate

Using a browser of your choice, navigate using HTTPS:// to the resource you want to connect to and download the certificate.

The steps are slightly different for each browser:

Internet Explorer 11

  1. Navigate using HTTPS to the resource you want to connect to
  2. Right click on the page and choose Properties
  3. Click on Certificates
  4. Click Details tab
  5. Click "Copy to File..."
  6. Choose the format "DER encoded binary X.509 (.CER)"
  7. Choose a file name and download.

Chrome

  1. Navigate using HTTPS to the resource you want to connect to
  2. Click on the Lock icon in the address bar and choose Connection tab
  3. Click Certificate Information
  4. Click Details tab.
  5. Click "Copy to File..."
  6. Choose the format "DER encoded binary X.509 (.CER)"
  7. Choose a file name and download

Install the Certificate into IIS

To install the certificate into IIS, please follow the instructions shown on the following KB article: IIS 7 SSL Certificate Installation

Step 2: Install SSL Certificate in Railo/Lucee (Skip if you are using ColdFusion)

Install the certificate into Railo. You can use the Railo Server Administrator to import the SSL certificate into Railo.

  1. Navigate to the Railo/Lucee Server Administrator by going to the following link:
    http://<server name>/railo-context/admin/server.cfm or http://<server name>/lucee/admin/server.cfm  (the default password is "connections")
  2. In the left menu, under Services, choose SSL Certificates
  3. Enter the host name of the domain controller that you are trying to connect to. The default port is 443 for the intranet site, and 636 for LDAPS.
  4. Click "install".

See this link for more information: http://blog.getrailo.com/post.cfm/installing-ssl-certificates

Step 3: Install SSL Certificate into Java

This step is not necessary for:

  • LDAPS when running Railo, and cert imported via Step 2

These instructions import a root cert into the Java keystore called "cacerts" using the 'keytool -import' command.

You will use the SSL certificate you downloaded in step 1 above.

Install the Certificate into Java Run-Time Environment

  1. Start a command prompt with "run as administrator" on the intranet server
  2. Type "set JAVA_HOME" to get the path set by this environment variable.
  3. Back up the cacerts file located under %JAVA_HOME%\lib\security as a precaution.
  4. If you are running Railo 4.2.1, go to C:\Railo\bin
    If you are running Lucee 4.5, go to c:\Lucee\bin
    Otherwise, navigate to the directory %JAVA_HOME%\bin, which should contain the keytool executable.
  5. Run this command:
    keytool -import -alias <a meaningful name> -file <path to cert exported from AD> -keystore <path to cacerts file>

    e.g. 
    keytool -import -alias LDAPS -file "C:\LDAPCert.cer" -keystore "C:\Program Files\Java\jre\lib\security\cacerts"

The default password for the cacerts file is "changeit".
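
The steps above as one PowerShell script, added here as an example and not part of the original article: it checks the downloaded certificate's SHA-256 fingerprint before importing, backs up cacerts, imports the certificate, and confirms the alias is present. It assumes an elevated session and that JAVA_HOME points at the Java runtime your server uses; $Expected is a placeholder for the fingerprint you confirm with the server's administrator.

```powershell
# Added example; the paths, alias and fingerprint below are assumptions/placeholders.
$ErrorActionPreference = 'Stop'
if (-not $env:JAVA_HOME) { throw 'JAVA_HOME is not set.' }

$CertFile  = 'C:\LDAPCert.cer'   # certificate downloaded in Step 1 (path from the example above)
$Alias     = 'LDAPS'             # alias from the example above
$StorePass = 'changeit'          # default cacerts password
$Expected  = '<SHA-256 fingerprint confirmed with the server administrator>'  # placeholder
$Keytool   = Join-Path $env:JAVA_HOME 'bin\keytool.exe'
$CaCerts   = Join-Path $env:JAVA_HOME 'lib\security\cacerts'

# 1. Compare the downloaded certificate with the fingerprint obtained out of band,
#    so the trust store only receives the certificate you meant to trust.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$want   = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
Write-Host "Subject: $($cert.Subject)  Expires: $($cert.NotAfter)"
if ($want.Length -ne 64 -or $actual -ne $want) {
    throw "Fingerprint check failed for $CertFile (computed $actual)."
}

# 2. Back up cacerts with a timestamp before changing it.
$Backup = "${CaCerts}.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $CaCerts -Destination $Backup

# 3. Import the certificate; restore the backup if keytool reports an error.
& $Keytool -import -alias $Alias -file $CertFile -keystore $CaCerts -storepass $StorePass -noprompt
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $Backup -Destination $CaCerts -Force
    throw 'keytool -import failed; cacerts was restored from the backup.'
}

# 4. Confirm the alias is now in the keystore and show its details.
& $Keytool -list -v -alias $Alias -keystore $CaCerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' was not found after the import." }
```

With the placeholder left in $Expected the script stops at the fingerprint check and changes nothing.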

After performing Step 1 and Step 2, restart the Railo service and the IIS Server.

 
