Question

HTTPS Connection For IFS Instances

  • 8 September 2021
  • 5 replies
  • 48 views

Userlevel 1
Badge +4

We have a middleware service, that is serving 4 instances of IFS on a UAT basis.

All of these instances can be connected to using the URL https://ifsinstancename.microlise.com/”port

However, on the Windows IIS Manager, there isn’t a bindings section that covers the https connection.

I need to update a soon to expire digital certificate, but cannot find where it picks up the bindings for it.

Does anyone know how I can resolve this, or should I log it with IFS support?

 

Thank you for looking.

Kind regards

Richard.


5 replies

Userlevel 7
Badge +15

Hi @RichardM ,

 

We use IIS for the touch app server and we added an https certificate to the touch app server by clicking on bindings then we added the https, hostname and port 443 and we selected the SSL Certificate by clicking Select and finding it on the local C: drive where we have IIS installed.

 

We have a separate installation of touch app server for each of our environments and we have separate SSL certificates and URL’s for them.

 

 

Regards,

William Klotz

Userlevel 5
Badge +7

Hi @RichardM ,

 

We use IIS for the touch app server and we added an https certificate to the touch app server by clicking on bindings then we added the https, hostname and port 443 and we selected the SSL Certificate by clicking Select and finding it on the local C: drive where we have IIS installed.

 

We have a separate installation of touch app server for each of our environments and we have separate SSL certificates and URL’s for them.

 

 

Regards,

William Klotz

Adding to this, In case if you need future references, please refer to IFS Documentation. You can find solutions for other issues/configurations as well.

https://docs.ifs.com/techdocs/foundation1/020_installation/400_installation_options/030_touch_apps/010_touch_apps_server/30_iis_configuration/default.htm#HTTPS

 

/Nimesh

Userlevel 1
Badge +4

Thank you for the replies.

I have already done this but the new cert is not picked up for some reason.
To give you some more info, the IIS service is serving 4 instances of IFS, each instance is addressed by a different TCP port.
I am logging a call with IFS as well.

Unfortunately, the person who implemented the IFS solution is no longer with the company and didn’t document the installation very thoroughly!  So, I’m on the back foot on this one :disappointed:

Keep moving forward!

Best regards
Richard.

Userlevel 1
Badge +4

I’ve uncovered some more information on this.
For reference, the UAT server, actually serves five instances of IFS.

There is an attached drive on the virtual middleware server, that stores all the certificates.
In here are five PFX files.
AST1.pfx
IFSE.pfx
IFSM.pfs
IFST.pfx
IFSX.pfx

I can open up the files and using Certificate Manager, can see that each one has three cert stored within (root; intermediate & wildcard).
The wildcard is the one I’m trying to update, and that individual certiificate is stored within a sub-directory.
I’ve attached a screen shot of the certs, so you know what I’m getting at.

What I need to do is to copy the new certificate into the base cert folder, then encapsulate each of the pfx files mentioned above with the new wildcard certificate.
But I don’t know how to roll all three certs up into one PFX file.

Can anyone suggest how to do this?

Kind regards
Richard.

Userlevel 1
Badge +4

Hi

The issue we were facing has been resolved.
It was nothing to do with IIS, here’s what we had to do:

  1. In Certificate Manager, import all three certs (root; intermediate & our wildcard).
  2. Then export the wildcard, but with all the certificates in the chain.
  3. On the IFS Middle Ware server, there is a file called “installer.cmd” which runs various wizards to configure; reset passwords update the versions etc…  The recofigure” option, provides a screen where our exported PFX file can be imported into the configuration.
    This wizard takes about 20 minutes to run and creates/updates new files for the system to operate correctly.
  4. After the wizard completed, we could then get onto our URL and execute the Enterprise Explorer app to log in to the system.

Thank you for your replies, I hope this helps.
Kind regards

Richard.

Reply