Enabling HTTPS binding for secure access to eShare

Advanced web technologies, like the plugin-free 3D embedded in the user interface, require HTTPS protocol to be used. When HTTPS protocol is used, the inbound and outbound eShare network traffic is encrypted with the Transport Layer Security (TLS) protocol.

To utilize HTTPS properly, a valid SSL (Secure Sockets Layer) certificate is required. An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL is a security protocol that creates an encrypted link between a web server and a web browser. Using an SSL certificate secures online transactions and keeps information private and secure. This will allow the client to “trust” the server and a secure connection can be formed. Without a valid certificate, there will be “not secure” related warnings and some domain policies can prevent connection if the certificate is not valid.

Proper certificates are issued by CA (Certificate Authorities) which the browser will trust by default. Domain computers can be configured to trust a certain certificate by installing it to the certificate store.

For more information, see Microsoft's documentation on setting up SSL in IIS: https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis.

If you want to enforce use of HTTPS on administrative level, see Enabling HTTP Strict Transport Security (HSTS).

Prerequisites

  • A valid SSL certificate for the fully qualified domain name.

  • Using the fully qualified domain name with a valid SSL certificate to establish the secure connection.

Do the following:

  1. To load the certificate file to the Internet Information Services (IIS), in the Connections pane, select the server, and double-click Server Certificates.

  2. In the Server Certificates page, in the Actions pane, select Import. The Import Certificate dialog opens.

  3. Browse and select the license file and select OK.

  4. To enable the HTTPS binding, in the Connections pane, under Sites, right-click eShare and select Edit Bindings. The Site Bindings dialog opens.

  5. Select Add. The Edit Site Binding dialog opens.

  6. In the Edit Site Binding dialog, specify the following settings:

    • Type – Select https.

    • IP address – Select All unassigned

    • Port – Select 443. Using other port for HTTPS is not supported.

    • Host name – Enter the host name.

    • Require Server Name Indication – Enabling this setting is recommended to mitigate man-in-the-middle attacks.

    • SSL certificate – Select the certificate from the drop-down list or browse with Select to find it.

    Select OK to confirm settings.

  7. If HTTP binding is no longer needed, select the HTTP binding on the list and select Remove.

    Note: If HTTP binding is removed, all integrations to eShare need to be revised for possible configuration changes.