Configuring the IIS Binding Securely using SSL
To secure Records Management with SSL, you must configure the IIS Bindings. You can configure the IIS Bindings for SSL in two ways, manually or by using the provided PowerShell script.
Binding Manually
To configure SSL Bindings manually, perform the following actions:
Open IIS.
Select Records Management Web.
Select Bindings…
Change or Add HTTPS Binding and Choose Open Port.
Select Certificate to use for SSL.
Select Records Management STS Web.
Select Bindings…
Change or Add HTTPS Binding and Choose Open Port.
Select Certificate to use for SSL.
Open a PowerShell command window, and execute the following commands:
Set-RecordsManagerWeb -SiteName "Records Management" -SiteUrl "https://url-to-manageweb" -WSFedMetaUrl "https://url-to-sts:444/metadata/federationmetadata.svc/xml" -WSFedMetaRealm "https://url-to-manageweb" -WSFedMetaReply "https://url-to-manageweb" -WSFedMetaAudience "https://url-to-manageweb" -WSTrustUrl "https://url-to-sts:444/Trust.svc" -AllowHttp $false
Set-RecordsManagerSTSWeb -SiteName "Records Management STS" -BaseUrl "https://url-to-sts:444" -ExpectedAddress "https://url-to-manageweb" -AllowHttp $false
If a site uses port 443, omit the port number from that site's URL in the PowerShell commands above, as in the example.
Binding Using the PowerShell Script
To configure SSL Bindings using the provided PowerShell script, perform the following actions:
Open the PowerShell Prompt.
Change Current Directory to “%Manager Web Path%\Ps1”.
Execute the script named Set-RecordsManagerSSL.ps1 in that folder, as in the example below:
.\Set-RecordsManagerSSL.ps1 -WebName "Information Lifecycle" -WebUrl "https://url-to-manageweb" -WebPort 443 -StsName "Information Lifecycle STS" -StsUrl "https://url-to-sts:444" -StsPort 444 -CertThumbprint "BE41D8EA75A18AB565EF1622C8622336F482A0E3"
Finding the SSL Certificate Thumbprint
Use the following PowerShell script to find the Thumbprint for a certificate that is already installed in the local computer's Personal certificate store. Be sure to replace the CN=*.domain.local string with your certificate's subject name.
$cert = Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject.StartsWith("CN=*.domain.local")}
$cert.Thumbprint
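The subject filter above can match more than one certificate (for example an expired certificate next to its renewal), in which case $cert.Thumbprint returns several values. The following added example, which is not part of the product's scripts, lists every match and flags the ones unsuitable for an HTTPS binding; the function name Test-BindingCertificate and the 30-day margin are assumptions made for illustration.

```powershell
# Added example: vet candidate certificates before passing a thumbprint to -CertThumbprint.
# Test-BindingCertificate is a hypothetical helper name; the 30-day margin is an assumption.
function Test-BindingCertificate {
    param(
        [Parameter(Mandatory)] [string] $SubjectPrefix,
        [int] $MinDaysRemaining = 30
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication (id-kp-serverAuth)
    $now = Get-Date

    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject.StartsWith($SubjectPrefix) } |
        ForEach-Object {
            $c = $_
            # Locate the Enhanced Key Usage extension, if the certificate has one.
            $eku = $c.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            # A certificate without an EKU extension is not restricted to specific usages.
            $serverAuth = (-not $eku) -or ($ekuOids -contains $serverAuthOid)

            $problems = @()
            if (-not $c.HasPrivateKey)  { $problems += 'no private key in store' }
            if ($c.NotBefore -gt $now)  { $problems += 'not yet valid' }
            if ($c.NotAfter -lt $now.AddDays($MinDaysRemaining)) {
                $problems += "expires $($c.NotAfter.ToString('yyyy-MM-dd'))"
            }
            if (-not $serverAuth)       { $problems += 'EKU lacks Server Authentication' }

            [pscustomobject]@{
                Thumbprint = $c.Thumbprint
                Subject    = $c.Subject
                NotAfter   = $c.NotAfter
                Usable     = ($problems.Count -eq 0)
                Problems   = $problems -join '; '
            }
        }
}

# Replace the subject string with your certificate's subject name, as above.
$results = @(Test-BindingCertificate -SubjectPrefix 'CN=*.domain.local')
$results | Format-Table -AutoSize
$usable = @($results | Where-Object { $_.Usable })
if ($usable.Count -eq 1) {
    $usable[0].Thumbprint   # the value to pass as -CertThumbprint
} else {
    Write-Warning "Found $($usable.Count) usable certificates; choose the thumbprint explicitly."
}
```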