Anywhere Mobility Portal Documentation

Enable SSL on IIS

To enhance the security of your websites, and the Anywhere Portal in particular, enabling SSL is an essential step to ensure users that the website they are visiting.

Running the Anywhere Portal with SSL is required when connecting to a Cloud environment of Business Central

Enabling SSL on a website requires a certificate (self-signed or from a Certificate Authority (CA)) The next step is to bind the certificate to the website. (A certificate is bound to a website, not to an application)

Self-Signed Certifcates

There are various ways of creating a certificate, from Azure Keyvault, IIS, third-party tools and even Powershell Self created certificates are known as self-signed, and are a way to enable SSL on a non-public website.

Some browsers will show a security warning the first time they encounter a self-signed certificate, they should allow to trust and store that certificate on client level.

You can create a self-signed certificate via the Server Certificates option in SSL

  1. Open Internet Information Services (IIS) Manager.
  2. Select the workstation you are installing the certificate on under the Connections list.
  3. Open the Server Certificates tool. IIS Certificates Tool
  4. Click the Create Self-Signed Request link in the upper-right corner, under the Actions list.

For more info on how to create a self-signed certificate see References

Requesting Certificates from a Certificate Authority

Certificates from a Certificate Authority (CA) are globally trusted. A populair, free and supported by many clients to automatically refresh the certificate nearing expiration is Let's Encrypt For these clients taking care of certificates of Let's Encrypt see here

To request a certificate from a CA, a Certificate Signing Request (CSR) should be first created on your server This file contains your server and public key information, and is required to generate the private key. You can create a CSR in IIS with just a few clicks:

  1. Open Internet Information Services (IIS) Manager.
  2. Select the workstation you are installing the certificate on under the Connections list.
  3. Open the Server Certificates tool.
  4. Click the Create Certificate Request link in the upper-right corner, under the Actions list.
  5. Fill in the information in the Request Certificate wizard. You will need to enter your two-digit country code, the state or province, city or town name, full company name, section name (i.e. IT or Marketing), and the common name (typically the domain name). IIS Request Certification Request Page
  6. Leave the “Cryptographic service provider” set to default.
  7. Set “Bit length” to “2048”.
  8. Name the certificate request file. The file name doesn't matter.

This file must be sent to the Certificate Authority (CA) to allow them to create trusted certificates for your server. After you receive the certificate file(s), complete the certificate signing request. Store this file on the server, you will need it to complete the installation of the certificate

Completing the certificate signing request

  1. Open Internet Information Services (IIS) Manager.
  2. Select the workstation you are installing the certificate on under the Connections list.
  3. Open the Server Certificates tool.
  4. Click the Complete Certificate Request link in the upper-right corner, under the Actions list.
  5. Enter the path to the received file/certificate from the CA
  6. Enter a "Friendly Name", which will be an alias for your certificate to easily recover it
  7. Set the certificate store to your preference (we've been using personal)
  8. Press OK, to finish the installation, the new certificate should be available in the list

Installing/binding the certificate to your website.

To bind the certificate to your website, please follow these steps

  1. Open Internet Information Services (IIS) Manager.
  2. Select the Website on the left side (Default Website)
  3. Select bindings in the right side
  4. Press Add to create a new binding This image shows how to create a binding in IIS
  5. Select https on type to create the entry for https (default port 443)
  6. Enter the hostname to which the certificate is bound to
  7. Select the installed certificate from the dropdown menu

If you do not see the appropriate certificate on your list, make sure you've installed the certificate 8. Press OK to create the new binding 9. Navigate to the website or if the Anywhere portal is already installed to the Anywhere website via https to confirm 10. Navigate from a different client (not the server) to the website to confirm the binds are correct

References

Topic Link
SSL on IIS Digicert
Create a Self Signed Certificates Microsoft Docs
Certificate Authorities Wikipedia
Let's Encrypt Let's Encrypt