SSL/TLS Setup (REST Front end)

IIS Configuration For SSL

It is advisable to run PRIS under SSL, both for the extra security and for better performance, as the server will then be able to use the newer HTTP/2 protocol.

If PRIS is to be external facing, you MUST use SSL (TLS).

To enable SSL, you will need to:

  1. Have an SSL certificate ready to use (if your company does not have one, this will need to be purchased).
  2. Add a new SSL binding.
  3. A network administrator will need to set up the DNS and port forward 443 via the firewall (so it can be accessed externally). The firewall should forward only port 443, and not 80, so that only https can be used.

This is where you will need to set the external name and certificate:

Note, this will not force SSL internally (see below).

Forcing SSL Only

Even though the firewall port forward should restrict access to SSL only, we can also enforce this in IIS as below:
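
The binding and "require SSL" steps above can also be scripted with the IIS WebAdministration module; this is an added example, not part of the original PRIS documentation. The site name `PRIS` and the host name `pris.example.com` are placeholders, and the certificate is assumed to be already installed in the local machine's Personal store.

```powershell
# Added example: placeholder values, adjust to your environment before running
# in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$siteName = 'PRIS'              # assumption: name of the IIS site hosting PRIS
$hostName = 'pris.example.com'  # placeholder: the external name published in DNS

# 1. Pick the newest unexpired certificate (with private key) whose subject names
#    the host. A wildcard or SAN-only certificate will not match this filter;
#    select it by thumbprint instead.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                   $_.Subject -like "*CN=$hostName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key found for $hostName" }

# 2. Add the https binding on port 443 (SslFlags 1 = SNI) and attach the certificate.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
if ($binding) {
    Write-Warning "https binding for $hostName already exists; leaving it unchanged."
} else {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName -SslFlags 1
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# 3. Require SSL for the site, so plain-http requests are rejected by IIS itself
#    (HTTP 403.4) even when they arrive from the internal network.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# 4. Show the resulting bindings and the access setting for review.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation, sslFlags
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $siteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'
```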

 

To Test Locally before publishing the DNS

To test that the new PRIS application location is working locally (i.e. before we have done the DNS publishing), we can use the local hosts file.

On Windows 10, this is located in C:\windows\system32\drivers\etc\hosts (the file has no extension). Open this with Notepad running as administrator.

Add the following entry:

 

You may now also wish to use the OpenAPI (Swagger) page to test an actual route.

Once tested, you may want to remove this entry from the hosts file so you can later test that the DNS is working.