To use SSL for Password Reset Server, you will have to either request a certificate from a trusted root authority or create a self-signed certificate on your server. SSL is required for using Windows Authentication Integration.

This article goes over how to create and install a self-signed certificate.

IIS 6 (Windows XP, Windows Server 2003)
  • Download and install the IIS Resource Toolkit from the following link:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en
  • Determine your host name. For example, if you go to http://www.thycotic.com/secretserver to get to Secret Server, then your host name is "www.thycotic.com".
  • Find your website ID. If you only have one website on the server, then the ID will be 1. Otherwise, open IIS Manager (start->run->type in "inetmgr" and click OK), click on the "Websites" folder on the left panel, and locate your website in the middle. The value in the "ID" column is the website ID.
  • Click on your start menu, click "All Programs", click the "IIS Resources" folder, click the "SelfSSL" folder, and click the "SelfSSL" executable. This will open a command console.
    - Type in "selfssl /N:CN=<host name> /S:<website ID> /V:<days valid>" and replace <host name> with your host name, <website ID> with your website ID, and <days valid> with the number of days for which the certificate will be valid.
  • Make sure your firewall is configured to allow https requests. To add an exception for this, click "Start", click "Control Panel", and click "Windows Firewall". Then click the "Exceptions" tab and check the "HTTPS" checkbox. Next, click the "HTTPS" item, click "Edit", click "Change Scope", and select the option you want.

IIS 7 (Windows Vista, Windows 7, Windows Server 2008)
  • Open IIS manager by clicking start, clicking run, typing in "inetmgr", and clicking "OK".
  • Click on the server node (one of the root nodes) in the left panel, and double click on "server certificates".
  • Click on "Create Self-Signed Certificate" on the right panel and type in anything you want for the friendly name.
  • Click on your website in the left panel, click "Bindings" on the right panel, click "Add", select "https", select the certificate you just created, and click "OK".
  • If you want this certificate to be trusted on client computers and your server name does not match the host name for the Secret Server website, you will have to follow the steps in the "IIS 6" section, which also work for IIS 7.
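
A check to run after either procedure, as an added example that is not part of the original article: it reports whether a certificate's CN matches the host name clients use, how many days of validity remain, and whether it is self-signed. The function name, the server name WEB01 and the sample certificate objects are constructed for illustration.

```powershell
# Added example (not from the original article). Accepts X509Certificate2
# objects from the Cert: drive, or any object exposing Subject, Issuer,
# NotAfter and HasPrivateKey (as the constructed samples below do).
function Test-SiteCertificate {
    param(
        [Parameter(Mandatory=$true)] $Certificate,
        [Parameter(Mandatory=$true)] [string] $HostName,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    # Extract the CN from the subject, e.g. "CN=www.thycotic.com"
    $cn = $null
    if ($Certificate.Subject -match '(?:^|,\s*)CN=([^,]+)') { $cn = $Matches[1].Trim() }

    $days = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
    $problems = @()
    # -ne on strings is case-insensitive, which suits host names
    if ($cn -ne $HostName) { $problems += "CN '$cn' does not match host name '$HostName'" }
    if ($days -lt 0) { $problems += "expired $(-$days) days ago" }
    elseif ($days -lt $WarnDays) { $problems += "expires in $days days" }
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key, cannot serve https' }

    New-Object PSObject -Property @{
        CommonName = $cn
        SelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)
        DaysLeft   = $days
        Problems   = $problems
    }
}

# Constructed samples, evaluated as of the article date. The first assumes a
# certificate issued to the server name WEB01 (hypothetical) while the site is
# reached as www.thycotic.com; the second has the right CN but is near expiry.
$now = Get-Date '2010-08-23'
$samples = @(
    (New-Object PSObject -Property @{ Subject = 'CN=WEB01'; Issuer = 'CN=WEB01'
        NotAfter = (Get-Date '2011-08-23'); HasPrivateKey = $true }),
    (New-Object PSObject -Property @{ Subject = 'CN=www.thycotic.com'; Issuer = 'CN=www.thycotic.com'
        NotAfter = (Get-Date '2010-09-01'); HasPrivateKey = $true })
)
foreach ($c in $samples) {
    Test-SiteCertificate -Certificate $c -HostName 'www.thycotic.com' -Now $now
}

# On the server, check the real machine store instead of the samples:
# Get-ChildItem Cert:\LocalMachine\My |
#     ForEach-Object { Test-SiteCertificate -Certificate $_ -HostName 'www.thycotic.com' }
```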

Article ID: 101, Created On: 8/23/2010, Modified: 8/23/2010