From HTTP to HTTPS

  • Updated

Convert HTTP to HTTPS.

Below are the steps to follow to convert your irCatalog or irServer Rule Execution Service (really, any WCF Service) from HTTP to HTTPS.

  1. Obtain a SSL certificate
  2. Install the certificate on the IIS server hosting irCatalog or irServer
  3. Configure the site to require SSL
  4. Set host headers and bindings for SSL, including Server Name Identification if applicable
  5. Modify the irCatalog/irServer web.config to enable transport-level security for the service's WCF bindings
  6. Update the irCatalog Manager Website web.config and irCatalog promotion URIs

The first thing you will need when enabling SSL is a certificate. This can be self-signed or issued from a CA.

Like any untrusted certificate, a self-signed certificate will cause applications like irAuthor to display security warnings - you can choose to either ignore the warnings, accept the certificate, or add the cert to your trusted store. Whichever type of certificate you end up using, you will need to install that certificate in IIS. The Server Certificates section of the IIS Admin tool is one place to manage this, but you can also import (or generate) a certificate using Powershell. Once you have created/imported your certificate, you will bind it to the IIS web site, which contains your irCatalog/irServer instance. Then you will be ready to finish the process by changing the web.config of the service.

 

Open the web.config of your irCatalog/irServer instance (default location is C:\Program Files (x86) \InRule\irServer\[Repository|RuleEngineService]\IisService\web.config), making sure you are running in an elevated session. Navigate to the system.serviceModel node, which is where you will be making the relevant changes.  

Depending on whether you are looking at the web.config for irCatalog or irServer, the next steps will be similar, yet slightly different.  

irCatalog Service

irCatalog is the simplest, requiring only two changes. Look for the WSHttpBinding and change the security node's mode attribute from "None" to "Transport":

<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding" maxReceivedMessageSize="50000000">
<readerQuotas maxStringContentLength="50000000" />
<security mode="Transport">

Next, you'll need to make sure that you can access service metadata through https. To do so, add a serviceMetadata entry to the repositoryServiceBehavior that specifies

httpsGetEnabled="True" and httpGetEnabled="False":

<behavior name="repositoryServiceBehavior">
<serviceDebug httpHelpPageEnabled="true" />
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
</behavior>

 

irServer Rule Execution Service

In the case of making this change to irServer, the steps are identical, but because the service has both SOAP and REST style endpoints, you need to repeat the process for each binding. You need to change the securityMode to Transport in three different places. Note that the first security tag does not self-close like its' brethren.

<wsHttpBinding>
<binding name="WSHttpBinding_IRuleEngineService" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="Transport"></security>
</binding>
</wsHttpBinding>
<webHttpBinding>
<binding name="WebHttpBinding_IHttpRuleEngineService" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="Transport" />
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding name="BasicHttpBinding_IRuleEngineService" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="Transport" />
</binding>
</basicHttpBinding>

The final task is to modify the service's behavior to enable httpsGet of serviceMetadata.

<behavior name="Behavior_IRuleEngineService">
<serviceDebug httpHelpPageEnabled="true" />
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
</behavior>
<behavior name="Behavior_IHttpRuleEngineService">
<serviceDebug httpHelpPageEnabled="true" />
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
</behavior>

Once you have saved the web.config it is a good practice to restart the site via an iisreset or similar command - be careful if you are performing this in an active, "live" environment!

irCatalog Manager Website

Update the web.config of each irCatalog Manager Website instance to point to the new secure URI for the associated irCatalog Service.

<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="InRule.Catalog.Uri" value="https://MyServer/InRuleCatalogService/Service.svc " />
<add key="InRule.Catalog.SingleSignOnEnabled" value="False" />
<add key="InRule.FeedbackService.Enabled" value="True" />
</appSettings>

For any irCatalog Service instances defined for promotion, update the URIs via the irCatalog Manager Website promotion screen. See irAuthor Help for more details.

Changing from HTTPS back to HTTP is a matter of performing the outlined steps in reverse.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.