Secure Sockets Layer

  1. The first step in securing the application is to enable HTTPS, that is, HTTP over Secure Sockets Layer (SSL), for the website. All communication over SSL is encrypted to prevent any third party from accessing authentication information such as passwords. A certificate that is trusted by both parties (server and client) is required in all SSL communication. The certificate is an electronic document used to verify the server's identity and to encrypt communication between server and client.
  2. Instructions on how to request, issue and install certificates are beyond the scope of this document, and the process differs depending on the scope of the installation. For an intranet site, a certificate issued by the organization itself will suffice, whereas a public installation must use one of the well-known and trusted issuers.
  3. When an SSL certificate is ordered, the server name must always be specified as a fully qualified domain name, for example, glt.example.com.
  4. Once a certificate has been issued, it must be installed in Internet Information Services (IIS) Manager as follows:
    1. From the Start screen, open Internet Information Services (IIS) Manager (search for it if it is not displayed), then select the node named after the server in the left panel tree.
    2. In the right panel, double-click the 'Server Certificates' icon and review the installed certificates.
    3. If the certificate is not already installed, install it according to instructions from the certificate vendor.
  5. To enable https/SSL for the M3 Graphical Lot Tracker site:
    1. Open Internet Information Services (IIS) Manager from the Windows Start screen. In the left-hand panel, select the node named 'Default Web Site'.
    2. Right-click the 'Default Web Site' node and select 'Edit Bindings' from the context menu.
    3. Click 'Add Binding' to open the new binding dialog.
    4. Select https for Type, and select the new certificate in the SSL certificates drop-down list. Change the port number as needed. The port number defaults to 443, which is the standard port for SSL.
    5. Click OK to save changes.
  6. Verify the connection from a web browser. Navigate to the Graphical Lot Tracker website by entering the full URL in the address bar, including the port number if a non-standard port is used, for example:

    https://glt.example.com:443/GraphicalLotTracker/

    Note: When application sign-on is enabled, SSL/https should be the only protocol used. To avoid mixed content warnings, the configuration values for the graph images should be updated to use the https URL. The configuration values that need to be changed are '.GRAPH:SHAREDDIRECTORY' in the Trace database, and '.GRAPH:ICONS' in the trace line database. Note that there is one '.GRAPH:ICONS' value per theme, three in total.

    Example:

    Key:       .GRAPH:SHAREDDIRECTORY
    Old Value: http://glt/GraphicalLotTracker/tmpGraph/
    New Value: https://glt.example.com:443/GraphicalLotTracker/tmpGraph/
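
The following Python check is an added example, not part of the original documentation or the product. It audits exported configuration rows for values that would still cause mixed content or a certificate name mismatch, and proposes the https form shown in the example above. The (key, value) export format, the '.GRAPH:ICONS' paths and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumptions: the FQDN the certificate was ordered for and the port of the
# https binding; adjust both to the actual installation.
CERT_FQDN = "glt.example.com"
HTTPS_PORT = 443

# Constructed sample rows. The first is the example from the page; the
# .GRAPH:ICONS paths (one per theme) are invented for illustration.
SAMPLE_ROWS = [
    (".GRAPH:SHAREDDIRECTORY", "http://glt/GraphicalLotTracker/tmpGraph/"),
    (".GRAPH:ICONS", "http://glt/GraphicalLotTracker/icons/theme1/"),
    (".GRAPH:ICONS", "https://glt/GraphicalLotTracker/icons/theme2/"),
    (".GRAPH:ICONS", "https://glt.example.com:443/GraphicalLotTracker/icons/theme3/"),
]


def check_value(url, fqdn=CERT_FQDN, port=HTTPS_PORT):
    """Return (problems, corrected_url) for one configured URL."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        # An http image URL on an https page triggers mixed content warnings.
        problems.append("not https: mixed content")
    elif (parts.port or 443) != port:
        problems.append("port differs from the https binding")
    if (parts.hostname or "") != fqdn.lower():
        # A short name such as 'glt' will not match a certificate issued
        # for the fully qualified domain name.
        problems.append("host does not match certificate name")
    fixed = urlunsplit(("https", f"{fqdn}:{port}", parts.path,
                        parts.query, parts.fragment))
    return problems, fixed


def audit(rows, fqdn=CERT_FQDN, port=HTTPS_PORT):
    """Return (key, old_value, new_value, problems) for rows needing a change."""
    findings = []
    for key, value in rows:
        problems, fixed = check_value(value, fqdn, port)
        if problems:
            findings.append((key, value, fixed, problems))
    return findings


if __name__ == "__main__":
    for key, old, new, problems in audit(SAMPLE_ROWS):
        print(f"{key}\n  old: {old}\n  new: {new}\n  why: {'; '.join(problems)}")
```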