Minimum software versions required for HTTPS

ComponentMinimum Version
DPE Server1.7.193
  • A DPE Server supports HTTPS or HTTP, but not both
  • Silverlight Admin pages do not work currently

Create a self-signed certificate on the DPE Server machine

Note: This is not needed in a productive environment, only for testing. Use an officially signed certificate in productive environments.

StepDescription
1

Open IIS Management, select machine and double-click on Server Certificates:

2

Click on Create self-signed certificate:

3

Enter a name for your certificate and choose a storage (Personal or Webhosting).

The key difference between Web Hosting store and Personal store is that Web Hosting store is designed to scale to higher numbers of certificates.

Enable HTTPS for the DPE Server web site

StepDescription
1

Open IIS Management and click Bindings for your web site:

2

Add a binding for HTTPS and select your certificate:

Adapt web.config for DPE web services (WCF/SOAP)




Add a security tag for the default basicHttpBinding:

<basicHttpBinding>
    <binding maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" >
        <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647"/>
        <security mode="Transport">
            <transport clientCredentialType="None" />
        </security>
    </binding>
</basicHttpBinding>
XML

instead of

<basicHttpBinding>
    <binding maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" >
        <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647"/>
        <!--
        <security mode="Transport">
            <transport clientCredentialType="None" />
        </security>
		-->
    </binding>
</basicHttpBinding>
XML

Adapt web.config for DPE web services (WCF/REST)




Add a security tag for the default webHttpBinding:

<webHttpBinding>
    <binding name="">                   <!-- default config -->
        <security mode="Transport" />   <!-- enable SSL for HTTPS -->
    </binding>
XML

instead of

<webHttpBinding>
    <binding name="">                   <!-- default config -->
		<!--
        <security mode="Transport" />   
		-->
    </binding>
XML


Adapt httpGetEnable / httpsGetEnabled in web.config




In case of HTTPS the option httpGetEnabled must be set to "false"

      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
          <!--  To avoid disclosing metadata information, 
                 set the value below to false and remove the metadata endpoint above before deployment  -->
          <serviceMetadata httpsGetEnabled="False" httpGetEnabled="False"/>
          <!--  To receive exception details in faults for debugging purposes, 
                 set the value below to true.  Set to false before deployment 
                 to avoid disclosing exception information  -->
          <serviceDebug includeExceptionDetailInFaults="True"/>
          <serviceAuthorization serviceAuthorizationManagerType="David.Dpe.DpeFramework.ServiceModel.BasicAuthServiceAuthorizationManager, David.Dpe.DpeFramework"/>
        </behavior>
      </serviceBehaviors>
XML

instead of

      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
          <!--  To avoid disclosing metadata information, 
                 set the value below to false and remove the metadata endpoint above before deployment  -->
          <serviceMetadata httpsGetEnabled="False" httpGetEnabled="True"/>
          <!--  To receive exception details in faults for debugging purposes, 
                 set the value below to true.  Set to false before deployment 
                 to avoid disclosing exception information  -->
          <serviceDebug includeExceptionDetailInFaults="True"/>
          <serviceAuthorization serviceAuthorizationManagerType="David.Dpe.DpeFramework.ServiceModel.BasicAuthServiceAuthorizationManager, David.Dpe.DpeFramework"/>
        </behavior>
      </serviceBehaviors>
XML


FAQ

IdQuestionAnswer
1The browser shows a name mismatch error?https://www.digicert.com/ssl-support/certificate-name-mismatch-error.htm
2Can I use the same certificate for different servers?There are different types of certificates. Some are signed for a single dedicated server name. Some can be used for multiple names.
3Can I sign a certificate for a DNS name and use it for whatever physical machine is mapped to this name?
TODO I hope so, but we have to learn more...
4What is the difference between Personal or Webhosting storage?The key difference between Web Hosting store and Personal store is that Web Hosting store is designed to scale to higher numbers of certificates.
5Which types of certificates exist?https://support.dnsimple.com/articles/ssl-certificates/#traditional-singlename