Formally known as Secure Sockets Layer, SSL has become increasingly important as a way to keep data protected by establishing an encrypted link between a server and a client.
This is the first in a series of posts about using SSL in a Sitecore environment. I hope you enjoy it.
In today’s post, I’ll give an overview of SSL and show how to create a self-signed certificate and import it into IIS.
A handshake says it all
The process running behind the scenes when you attempt to access a secure website is known as the SSL handshake. As illustrated below, there are 5 steps to establish a secure connection between client and server.
Many flavors, but only one purpose: protect your data!
You will find SSL certificates in a number of different flavors (Wildcard, SAN, etc.), each with its own particularities, so choose according to your organization's needs.
- Single Domain
Only a single domain is protected, for example yourdomain.com
- Subject Alternative Names
Multiple domains in the same certificate, for example yourdomain.com and differentdomain.com
- Wildcard
All subdomains of a domain are secured, for example *.mydomain.com secures www.mydomain.com and services.mydomain.com
Trust in yourself
You can always rely on self-signed certificates to replicate in your own environment the effect SSL can have on your website! However, keep in mind that others won’t trust you as you do, which means that you MUST avoid using self-signed certificates in production solutions.
You have probably seen many self-signed certificate creators, and since Windows 8 there’s a cmdlet in PowerShell called New-SelfSignedCertificate that gives an easier experience for creating self-signed certificates than any other tool.
In order to use the following commands, you must have at least Windows 8.
Step 1 – Create a Self-signed certificate
1. Run Windows PowerShell as Administrator
2. Type the following command, then hit Enter
New-SelfSignedCertificate -DnsName mydomain.com -CertStoreLocation cert:\LocalMachine\My
3. You should receive a similar output, as you can see in the image below
![New SelfSignedCertificate Powershell Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/new-selfsignedcertificate-powershell-blog-vinicius-deschamps.jpg)
Step 2 – Use Self-Signed Certificate on IIS
1. Open IIS, expand sites
![IIS Internet Information Services Expand Site Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/internet-information-services-expand-site-blog-vinicius-deschamps.jpg)
2. Select the site you want to use the self-signed certificate with, right-click it, then choose Edit Bindings
![IIS Internet Information Services Edit Bindings Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/internet-information-services-edit-bindings-blog-vinicius-deschamps.jpg)
3. In Site Bindings, click Add
![IIS Sitecore Site Bindings Add Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/site-bindings-add-blog-vinicius-deschamps.jpg)
4. In Add Site Binding, choose Type HTTPS and, under SSL certificate, choose the certificate created in Step 1, then click OK and Close (Site Bindings window)
![IIS Internet Information Services Add Site Binding SSL Certificate Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/add-site-binding-ssl-certificate-blog-vinicius-deschamps.jpg)
Please note that I already have mydomain.com in my hosts file (C:\Windows\System32\drivers\etc\hosts) pointing to 127.0.0.1
![C:\Windows\System32\drivers\etc\hosts Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/c-windows-system32-drivers-etc-hosts-blog-vinicius-deschamps.jpg)
5. Go to your browser and access your website using the domain passed to the -DnsName parameter in Step 1. In my case it was mydomain.com, so https://mydomain.com
![Sitecore Your connection is not private Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/your-connection-is-not-private-blog-vinicius-deschamps.jpg)
Step 3 (PLUS!!!) – Export Self-Signed certificate as PFX file with a password
In case you want to install it on another machine or send it to a colleague
1. In the same Windows PowerShell window, copy the self-signed certificate's Thumbprint and keep it (in my case AB34CF46EF6DAAE6FCB69C65F4A9C07710644F3F)
![Sitecore Thumbprint output Powershell Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/thumbprint-output-powershell-blog-vinicius-deschamps.jpg)
2. Create a password using the following command
$sslPassword = ConvertTo-SecureString "P@ssw0rd" -Force -AsPlainText
3. Export the certificate as PFX file using the command below
Export-PfxCertificate -Cert cert:\LocalMachine\My\AB34CF46EF6DAAE6FCB69C65F4A9C07710644F3F -FilePath C:\temp\mydomain.pfx -Password $sslPassword
4. You should receive a similar output, as you can see in the image below
![Export PFXCertificate Powershell Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/export-pfxcertificate-powershell-blog-vinicius-deschamps.jpg)
5. Navigate to the folder where you saved the PFX file and check that it was created. In my case, it was in C:\temp
![PFX Certificate Exported Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/pfx-certificate-exported-blog-vinicius-deschamps.jpg)
Step 4 (PLUS!!!) – Stop receiving SSL errors with Self-Signed certificates
1. Complete Step 3 and get yourself a PFX file
2. Press Windows+R to open Run, type mmc in the empty box and click OK
![Run MMC Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/run-mmc-blog-vinicius-deschamps.jpg)
3. Click Yes in the User Account Control window
4. On the File menu, click Add/Remove Snap In
![MMC Add Remove Snap-in Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/mmc-add-remove-snap-in-blog-vinicius-deschamps.png)
5. Under Available snap-ins, double-click Certificates
![Add Remove Snap-ins Certificate Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/add-remove-snap-ins-certificate-blog-vinicius-deschamps.png)
6. Select Computer Account, and then click Next
![Certificates Snap-in Computer Account Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/certificates-snap-in-computer-account-blog-vinicius-deschamps.jpg)
7. Keep Local Computer on Select Computer window, and then click Finish
![Select Computer Local Computer Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/select-computer-local-computer-blog-vinicius-deschamps.jpg)
8. Click OK on Add or Remove Snap-ins
![Add Remove Snap-ins Selected OK Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/add-remove-snap-ins-selected-ok-blog-vinicius-deschamps.jpg)
9. Expand Certificates, find and right-click Trusted Root Certification Authorities, then choose Import
![MMC Certificates Trusted Root Certification Import Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/mmc-certificates-trusted-root-certification-import-blog-vinicius-deschamps.jpg)
10. On the Welcome to the Certificate Import Wizard screen, click Next
![Certification Import Wizard Welcome Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/certificate-import-wizard-welcome-blog-vinicius-deschamps.jpg)
11. In the File to Import window, click Browse…
![File to import Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/file-to-import-blog-vinicius-deschamps.jpg)
12. At the bottom right, change the file type to Personal Information Exchange (*.pfx, *.p12)
![Open Personal Information Exchange P12 PFX Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/open-personal-information-exchange-p12-blog-vinicius-deschamps.jpg)
13. Navigate to the folder where you exported the PFX file in Step 3 and select it, and then click Open
![Choose PFX Certificate Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/choose-pfx-certificate-blog-vinicius-deschamps.jpg)
14. In the Private key protection window, type the same password you used to export the PFX file in Step 3 and click Next
![Private Key Protection Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/private-key-protection-blog-vinicius-deschamps.jpg)
15. Double-check that the certificate will be placed in Trusted Root Certification Authorities, click Next, then Finish
![Certification Store Trusted Root Certification Authorities Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/certification-store-trusted-root-certification-authorities-blog-vinicius-deschamps.jpg)
16. Restart any browser you have open, and test again
![Sitecore Experience Platform Fresh Installation SSL Blog Vinicius Deschamps](https://viniciusdeschamps.com.br/wp-content/uploads/2020/05/sitecore-experience-platform-fresh-installation-ssl-blog-vinicius-deschamps.jpg)
Voilà! You are not seeing the error anymore!
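Steps 1 to 4 as a single elevated PowerShell script, added here as an example and not part of the original post. The site name `Default Web Site` and the `.cer` file are assumptions: unlike Step 4, the script adds only the public certificate to Trusted Root Certification Authorities so the private key stays in the Personal store, and it prompts for the PFX password instead of hard-coding it.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell.
param(
    [string]$DnsName  = 'mydomain.com',      # name used in Step 1
    [string]$SiteName = 'Default Web Site',  # assumption: replace with your IIS site
    [string]$OutDir   = 'C:\temp'            # export folder used in Step 3
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Refuse to touch a site that already has an HTTPS binding on 443.
if (Get-WebBinding -Name $SiteName -Protocol https -Port 443) {
    throw "'$SiteName' already has an HTTPS binding on port 443."
}

# Step 1: create the certificate in the machine's Personal store.
$cert  = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation Cert:\LocalMachine\My
$thumb = $cert.Thumbprint

# Step 2: add the HTTPS binding and attach the certificate from the 'My' store.
New-WebBinding -Name $SiteName -Protocol https -Port 443
(Get-WebBinding -Name $SiteName -Protocol https -Port 443).AddSslCertificate($thumb, 'My')

# Step 3: export certificate + private key as PFX; the password is prompted,
# so it never appears in the script or in the console history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the PFX file'
$pfxPath = Join-Path $OutDir "$DnsName.pfx"
Export-PfxCertificate -Cert "Cert:\LocalMachine\My\$thumb" -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Step 4: trust the certificate. Only the public part (.cer) goes into
# Trusted Root Certification Authorities; the private key stays in 'My'.
$cerPath = Join-Path $OutDir "$DnsName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Check: the same thumbprint should be in both stores, with the private key only in 'My'.
Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $thumb |
    Select-Object PSParentPath, Subject, NotAfter, HasPrivateKey
```

When the test environment is retired, remove the entry again with `Remove-Item Cert:\LocalMachine\Root\<thumbprint>`, since every certificate in that store is trusted machine-wide.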
Thanks for reading, and I hope you enjoyed!
I’ll see you on the next post!