Secure Print Portal with HTTPS
Introduction
What is HTTPS?
Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a Web Server. HTTPS is encrypted in order to increase security of data transfer.
How does HTTPS work?
HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). To create an SSL connection, a Web Server requires an SSL Certificate.
What is an SSL Certificate and how do I get it?
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. HTTPS protocol uses the SSL/TLS Certificate installed on the Web Server to ensure that all the data passed between the Web Site and web browser remains private and secure, and thus protects any sensitive data that is being sent between two systems, including personal and financial details.
There are different types of SSL certificates. To receive an SSL Certificate, a website owner will need to apply to a certificate authority (CA). A CA is a trusted third party which generates and issues SSL/TLS certificates for websites. A number of web hosts provide SSL certificates and automatically configure Web Servers to support HTTPS connections.
For non-production environments and testing purposes, you may want to use a self-signed SSL certificate. These types of certificates can be used to encrypt data, but they will not be trusted by browsers unless you skip the validation.
How does secure Print Portal start using HTTPS?
These steps will guide you through obtaining and installing an HTTPS certificate in Internet Information Services (IIS), and then enabling Transport Layer Security (TLS) 1.2 on the site servers and remote site systems.
The procedure consists of the following steps:
- Creating a self-signed SSL certificate.
- Add the Certificate to MMC
- Install an SSL/TLS Certificate In Microsoft IIS
- Check if the Print Portal's connection is secure
- Enable Transport Layer Security (TLS) 1.2
Step 1: Creating a self-signed SSL Certificate
This guide will use a self-signed SSL Certificate for testing purposes. This certificate will be cryptographically as good as any other certificate, but it will not be trusted by browsers, which will yield a security warning.
To create a self-signed certificate, you can use the New-SelfSignedCertificate cmdlet, which makes it much easier to create self-signed certificates.
- Open PowerShell as Administrator
- Run the following command to create a self-signed certificate for "localhost"
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My"
Step 2: Add the Certificate to MMC
- Hit Windows key and type “Run” or use a combination of Windows + R to open the “Run” app. In the dialog, type in “MMC” and hit enter. This will open the MMC Console
- On the new MMC Console window click on File then Add/Remove Snap-In.
- A new window will pop up titled “Add/Remove Snap-ins“
- Click on Certificates then Add. A new window will pop up titled “Certificates Snap-In”.
- Click on Computer Account radio button and click on Next.
- On the window titled “Select Computer“, choose “Local Computer” radio and hit “Finish“.
- Click on the Certificates drop-down which will expand other items.
- Expand the Personal - Certificates folder and you will see your localhost certificate.
- Right-click on it and select copy.
- Copy the certificate into Trusted Root Certification Authorities - Certificates folder and close MMC Console.
*The last step is optional. If implemented, you won't get any browser warning about your SSL Certificate not being trusted when browsing Print Portal via "https://localhost".
Step 3: Install an SSL/TLS Certificate In Microsoft IIS
- Hit Windows key and type “Run” or use a combination of Windows + R to open the “Run” app.
- In the Search box, type "inetmgr" and press ENTER.
- In Internet Information Services (IIS) Manager in the Connections menu tree (left pane), expand the name of the server that contains the Print Portal web application.
- Expand Sites and click Default Web Site. On the Default Web Site Home page, in the Actions menu (right pane), under Edit Site, click on Bindings...
- In the Site Bindings window, click Add.
In the Add Site Bindings window, do the following and then click OK:
- Type: In the drop-down list, select https.
- IP address: In the drop-down list, select the IP address of the site or select All Unassigned.
- Port: Type port 443.
- SSL certificate: In the drop-down list, select your new SSL certificate "localhost".
Your SSL certificate is now installed, and the Print Portal is configured to accept secure connections.
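Steps 1 to 3 can also be scripted for a test machine. The following is an added example, not part of the original guide or the Print Portal product; it assumes the WebAdministration module that ships with IIS, the site name "Default Web Site" and the DNS name "localhost" used above, and an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of Steps 1-3 (test environments only).
Import-Module WebAdministration

$siteName = 'Default Web Site'   # site used in Step 3
$dnsName  = 'localhost'          # certificate name used in Step 1

# Step 1: reuse an unexpired certificate for this name, otherwise create one.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$dnsName" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation 'Cert:\LocalMachine\My'
}

# Step 2 (optional): copy only the public certificate into Trusted Root so
# browsers on this machine trust it. The private key stays in the Personal store.
$tmp = Join-Path $env:TEMP "$dnsName.cer"
Export-Certificate -Cert $cert -FilePath $tmp | Out-Null
Import-Certificate -FilePath $tmp -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Remove-Item $tmp

# Step 3: add an https binding on port 443 (All Unassigned) and attach the certificate.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}
elseif ($binding.certificateHash -ne $cert.Thumbprint) {
    # An https binding already exists with another certificate; leave it untouched.
    Write-Warning "Existing https binding uses certificate $($binding.certificateHash)."
}

# Summary of what is now configured.
[pscustomobject]@{
    Site       = $siteName
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
}
```

The script is safe to re-run: it creates the certificate and the binding only when they are missing, and it warns instead of replacing a certificate that is already bound.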
Step 4: Check if the Print Portal's connection is secure
This section demonstrates how to use the Security panel in Chrome DevTools to make sure HTTPS is properly implemented on Print Portal and to determine which encryption protocol the connection is currently using.
Please do the following:
- Access the local Print Portal web site over HTTPS by opening Google Chrome and then entering the following URL: https://localhost/bartender
- Next, in the top right corner of the browser, click the ellipsis menu and then select More Tools > Developer Tools.
- Click the Security tab to open the Security panel.
The Security panel shows that the connection to the Print Portal is secured using TLS 1.2.
Step 5: Enable Transport Layer Security (TLS) 1.2
During the TLS handshake, an HTTPS connection always negotiates the highest protocol version that is supported by both the client and the server.
If you're accessing Print Portal over HTTPS using a less secure encryption protocol and you want to enable TLS 1.2 as the default secure protocol in your environment, please refer to the following Microsoft website:
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2
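The check from Step 4 can also be done from PowerShell, one protocol version at a time, which shows whether the server still accepts versions older than TLS 1.2. This is an added example, not part of the original guide; the function name Test-TlsVersion is hypothetical, and it assumes the Print Portal site answers on localhost:443 with a certificate this machine trusts (the optional last step of Step 2).

```powershell
# Added example: offer a single TLS version to the server and report the result.
function Test-TlsVersion {
    param(
        [string]$HostName = 'localhost',
        [int]$Port = 443,
        [Parameter(Mandatory)]
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            # Default certificate validation applies; only $Protocol is offered.
            $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
            [pscustomobject]@{
                Offered    = $Protocol
                Accepted   = $true
                Negotiated = $ssl.SslProtocol
                Detail     = $ssl.CipherAlgorithm
            }
        }
        catch {
            # Handshake failed: version refused by the server, disabled on this
            # client, or the certificate did not validate. Detail says which.
            [pscustomobject]@{
                Offered    = $Protocol
                Accepted   = $false
                Negotiated = $null
                Detail     = $_.Exception.GetBaseException().Message
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }
}

# TLS 1.0, 1.1 and 1.2 in turn; ideally only the Tls12 row shows Accepted = True.
'Tls', 'Tls11', 'Tls12' |
    ForEach-Object { Test-TlsVersion -Protocol $_ } |
    Format-Table -AutoSize
```

A row with Accepted = False does not by itself prove the server refuses that version, because the client operating system may have it disabled; read the Detail column before drawing a conclusion.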
More Information
We recommend consulting your IT department to obtain a trusted Certificate signed by a Certificate Authority.