Answer
PROBLEM
You can configure Microsoft IIS to use HTTPs to provide a secure connection to the GFI MailEssentials user interface. This may be required by some organizations, especially if the GFI MailEssentials user interface is accessed from the internet.
ENVIRONMENT
- GFI MailEssentials
- all supported environments
SOLUTION
Use the appropriate procedure to enable HTTPS in Microsoft IIS for the GFI MailEssentials website.
Microsoft IIS 7.0
Ensure that you have configured a Server Certificate which will be used for HTTPs communication. You can configure this from the following:
- Open Microsoft Internet Information Services (IIS) Manager
- Click the Server
- In the left pane, click Server Certificates under IIS
- Create a new certificate, or attach to an existing certificate
Ensure that there is a HTTPs binding for the web server hosting the GFI MailSecurity website:
- Open Internet Information Services (IIS) Manager
- Expand the Server > Sites
- Right Click the Default Web Site (Which is hosting the MailEssentials website by default) and select Edit Bindings
-
Ensure that the https binding is created
- If not click on the Add... button and add a new https type binding. Click OK to create the binding.
Enforce SSL communication on the GFI MailEssentials virtual directory:
- Open Internet Information Services (IIS) Manager
- Expand the Server > Sites > Default Web Site
- Click the MailEssentials node.
- In the left pane, click SSL Settings under IIS
- Tick the options Require SSL and Require 128-bit SSL
Microsoft IIS 6.0
- Open the Microsoft Internet Information Services (IIS) Manager
- Browse to Websites
- Right click the website used by GFI MailEssentials and select Properties. By default, the Default Web Site is used.
- From the Directory Security tab select Server Certificate
- Follow the IIS certificate wizard to create a new certificate, or attach to an existing certificate
- Click OK to close the Default Web Site properties
- Under Default Web Site select the MailEssentials virtual directory
- Right click and select Properties
- Select the Directory Security tab and in the Secure Communications section click Edit
- Check Require secure channel (SSL) and Require 128-bit encryption
- Ensure that in the Client Certificates section, Ignore client certificates is selected
- Click OK to close the Secure Communications window
- Click OK to close the MailSecurity virtual Directory Properties
Notes:
Ensure that the HTTP SSL service is running. By default, the startup type for this service is set to manual. From the properties of the services, change the startup type to automatic and start the serviceCAUSE
By default HTTPS is not configured and needs to be setup manually.