Purpose:
This is a step by step guide on how to configure authenticated HTTPS Distribution Servers. The guide will help you install and setup IIS and configure Distribution Servers in Protect 9.x.
Please Note: This document is based on Windows Server 2008 with IIS7.5.
Resolution:
1. Create a folder on the IIS server and share it. This folder will be the Distribution Server share where the patches and data files with be stored.
Install IIS and enable authentication by performing the following:
1. Open the Server Manager, right-click on Roles and select Add Role.
2. Use the wizard to add the Web Server (IIS) role.
3. Once the Web Server (IIS) role is created, go to the Role Services section under the new role and click Add Role Services.
4. Select Windows Authentication under Security and go through wizard to add it. Continue with the default settings unless you need a specific configuration.
5. Go to Programs -> Administrative Tools -> Internet Information Services.
6. Right click on Default Web Site and click Add Application.
7. Add the share folder that was created in the beginning.
8. Select the new Application and double-click on Authentication.
9. Select Windows Authentication and click on Enable.
10. Select Anonymous Authentication and click on Disable.
11. Create a Virtual Directory in the Application.
a. Right-click on Application and choose Add Virtual Directory.
b. Enter and Alias and set the Physical path to the share folder.
12. Enable Directory Browsing on the Application.
- Double-click Directory Browsing.
b. Click the Enable button
13. You should test the connection to the URL. You can do this manually through a web browser or use the Browse Virtual Directory located on the right side of the Internet Information Services (IIS) Manager when you have the Virtual Directory selected.
Configuring HTTP over SSL (HTTPS):
1. Navigate to the Internet Information Services (IIS) Manager and highlight the server name.
2. Open Server Certificates.
3. Click on Create Self-Signed Certificate.
4. Enter a friendly name and click OK.
5. Click on Default Web Site and click on the Binding link on the right side of the screen.
a. Add the HTTPS binding with the SSL Certificate you created.
6. Click on the Virtual Directory you created and then open SSL Settings.
7. Check the Require SSL checkbox and Apply the settings.
8. Go to Start -> Run and type MMC to open Microsoft Management Console.
7. Click on File -> Add/Remove Snap-in.
8. Highlight Certificates and then click Add.
9. Choose Computer account and click Next.
10. Choose Local Computer and click Finish.
11. Click OK.
12. Expand Certificates -> Personal -> -Certificates.
13. Locate the certifcate you created by Friendly Name.
14. Right-click and choose All Tasks -> Export.
15. Click Next.
16. Choose No, do not export the private key and click Next.
17. Use the defaults for the next screen and click Next.
18. Choose a location and File Name to save the certiicate to then click Next.
19. Click Finish and then OK.
20. Skip to step 22 if IIS is on the same server as the Protect Console. Continue to step 21 if the IIS and the Protect Console are not on the same server.
21. Open the Microsoft Management Console Protect Console serverby following steps 8-11.
22. Expand Trusted Root Certificate Authority -> Certificates.
23. Right-click on Certificates and choose All Tasks -> Import.
24. Click Next.
25. Specify the File Name of the certificate you exported and choose Next.
26. Choose Place all certificates in the following store and click Next.
27. Click Finish and then OK.
Configuring the HTTPS authenticated Distribution Server in Protect 9.x:
1. Open Protect and navigate to Tools -> Operations.
2. Go into Distribution Servers and click New.
3. Create the Distribution Server:
- Give it a Name.
- Select Authenticated HTTP and checkmark Use SSL (HTTPS).
- Enter the URL.
- Choose Credentials used to authenticate to the URL. Click New to create credentials.
- Enter the UNC path to the share folder.
- Choose Credentials used to authenticate to the UNC path. Click New to create credentials.
- Test the connections for the URL and the UNC to make ensure proper connectivity.
- Save.
More information on Distribution Servers:
Why use a Distribution Server?
Configuring A New Or Existing Distribution Server.
Deployment Template: Distribution Servers Tab.
Assigning IP Addresses To Servers.
Product Versions:
Protect 9.x