Skip to main content

 

 

 

 
 
 
 
OutSystems

How to install an SSL Certificate in self-managed environments

Template:OutSystems/Documentation_KB/ContentCollaboration
  • Edit
    Collaborate with us
    Edit this page on GitHub
  • The following instructions apply to self-managed infrastructures only.

    The OutSystems Cloud environments include valid SSL certificates, by default, with the outsystemsenterprise.com domain. Should you wish to customize your environment domain please refer to this article.

    An SSL certificate binds a cryptographic key to an organization’s details. When such a certificate is installed in an application server, the HTTPS protocol is activated. This creates an encrypted channel between your web server and your visitor’s web browser, allowing the transmission of private information without being eavesdropped or tampered.

    This article contains instructions on how to request and install a certificate in your application server so that your OutSystems applications can be used over secure connections via HTTPS. It applies to .NET/Windows stacks.

    These instructions focus on the scenario in which your server is only accessible via the same name, even if over multiple IP addresses. If you need to have your server accessible via two (or more) different names (and IP addresses), that is, one for the internal and another for the external network, you must repeat these instructions for each name, or use a multi-domain certificate.

    It's expected that you have a fair knowledge of administering a server (including using the command line) and managing certificates, to follow this document.

    Reach out to your network, system or infrastructure administrator if you need help in following specific instructions in your infrastructure.

    Creating a Certificate Signing Request (CSR)

    A typical step before requesting a new certificate or renew an existing one, is to generate a CSR to be provided to the Certificate Authority. If you need instructions on how to generate a CSR, refer to this article. If you already have a CSR, proceed to the next section.

    Acquiring the SSL certificate

    After you have created your Certificate Signing Request (the .txt file), you need to acquire the certificate before installing it in your application server.

    There are two ways to obtain a certificate:

    • Contact one Certification Authority
    • Contact your company's Certification Authority, if there is one

    Important Note:

    Self-signed certificates shouldn't be used for production systems with OutSystems 11.

    Check the OutSystems System Requirements for more information about the supported configurations.

    Installing the SSL certificate

    Important Note: Certificates have a chain comprised of the following: * Root + Intermediate + Final server (domain) certificate

    ​​Some Certificate Authorities issue the certificate with the complete chain, and others issue the final server (domain) certificate only, instructing the users to create the remaining parts of the chain. Before proceeding with the installation, check the integrity of your certificate, for example, using SSL Checker.

    Once you have acquired your certificate, you need to install it in your application server. The following sections include instructions on how to do it, for each of the application servers supported by OutSystems. These instructions assume that you have OutSystems installed, already. For instructions on how to install OutSystems, refer to Setting Up OutSystems.

    Note:

    You must run all commands as a user with Administrator privileges.

    Importing the root and intermediate certificates

    If your certification authority provided you with a root certificate and/or one or more intermediate certificates, you need to import them before installing your final server certificate. This ensures that you have a proper certification path that validates your server certificate. You will need to repeat these instructions for each intermediate certificate:

    1. Click the Windows Start button, type mmc, and press the Enter key to run the Microsoft Management Console.
    2. Click Yes to allow this app to make changes to your device.

      Microsoft Management Console permissions

      The Microsoft Management Console window opens.

      Microsoft Management Console window

    3. Go to File > Add/Remove Snap-in...

      Add or Remove Snap-ins

    4. Select Certificates and click Add. The Certificate snap-in window opens.

      Certificates snap-ins

    5. Select Computer Account and click Next >.

    6. Select Local Computer and click Finish.

      Select Computer

    7. Click OK to close the add/remove snap-in window.

    8. Expand the Certificates (Local Computer) entry on the left side.

      Expand the Certificates

    9. If you are installing a Root certificate, navigate to Trusted Root Certification Authorities, expand it, and select the Certificates entry.

    10. Right-click on Certificates, then select All Tasks > Import...

      Import Certificates

      The Certificate Import Wizard opens.

      Certificate Import Wizard

    11. In the Certificate Import Wizard, click Next.

    12. In the File to Import section, browse the location of your root or intermediate certificate (for example, MyCA_Root_or_Intermediate.cer), select it, and click Next.

      Certificate Import Wizard

    13. In the Certificate Store section, select the Place all certificates in the following store bullet.

      • If you are installing a Root certificate, choose the Trusted Root Certification Authorities certification store.
      • If you are installing an Intermediate certificate, choose the Intermediate Certification Authorities certification store.

        Certificate Import Wizard

    14. Click Next. A screen shows an overview of the certificate you are importing.

      Certificate Import Wizard

    15. Click Finish to complete the Certificate Import Wizard.

    16. Repeat steps 13 to 15 to install the other certificate (intermediate, in case you installed the root, or vice-versa). You must have both certificates installed.

    Importing the server (domain) certificate

    After importing the root and intermediate certificates, you need to import the server certificate (final domain certificate). Perform the following actions to accomplish this:

    1. Click the Windows Start button, go to Windows Administrative Tools and open the Internet Information Services (IIS) Manager.
    2. Click on the server name on the left side.
    3. On the center, scroll down to the IIS section, and double-click the Server Certificates icon.

      Internet Information Services Manager

    4. On the Actions menu on the right side, click on Complete Certificate Request...

      Internet Information Services Manager

      The Complete Certificate Request window opens.

    5. Click the ... button at the right side to browse the location where you keep the .cer certification file provided by your Certification Authority.

    6. Write a friendly name for the certificate (this is the name to use on future references).
    7. Select the Personal certificate store in the drop-down menu below, if asked.

      Complete Certificate Request on IIS

    8. Click OK. The installation of the certificate begins. Once the SSL Certificate is successfully installed to the server, you need to assign it to the appropriate website.

    9. At the Connections menu on the left side, select the name of the server on which you installed the certificate, and expand its tree.
    10. Expand the Sites element below and select the site to secure with SSL.
    11. At the Actions menu on the right side, click on Bindings...

      IIS bindings

      The Site Bindings window opens.

      IIS bindings

    12. In the Site Bindings window, click the Add... button. The Add Site Binding window opens.

      IIS bindings

    13. Fill out the following information:

      • In the Type drop-down menu choose https.

        IIS bindings

      • Insert the IP address of the site or choose All Unassigned.

      • Insert the Port for SSL traffic: 443.

      • In the SSL Certificate drop-down menu, select the friendly name of the certificate that you installed in the previous steps.

        IIS bindings

      • Click OK.

        IIS bindings

    14. Your SSL Certificate is now installed and the website configured to accept secure connections. You may have to restart the IIS or the server for it to recognize the new certificate.

    Configuring applications to use HTTPS

    Once you have installed the certificate, you are able to access your OutSystems applications using HTTPS.

    If you want to force the redirection of all accesses from HTTP to HTTPS, perform the following action:

    • Starting with OutSystems 10, you can control this behavior in the same way as before in Web Applications, that is, at Flow or Screen level, but also for the whole environment, which applies to all Web Applications in the environment, or for specific Web Applications. This is done via LifeTime.

    Note:

    HTTP requests are always secure in mobile apps (HTTPS), therefore this configuration does not apply to mobile scenarios.

    • Was this article helpful?