SSL Certificate - Solution Configuration Manager - 23.1 - Brainware

Solution Configuration Manager Installation Guide

Platform: Brainware
Product: Solution Configuration Manager
Release: 23.1

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection between a web server and a web browser. The SCM installer installs an SSL certificate to provide a secure browsing experience. Configuring SSL (HTTPS) is mandatory when you use the SCM installer.

Using an existing SSL certificate

  • It is recommended to obtain an SSL certificate from a reliable Certificate Authority (CA) only.

  • The selected SSL certificate must have both public and private keys associated with it.

  • The user account used for the Application Pool must have the necessary permission to access the private keys of the selected SSL certificate. For more information on how to give a user account permission to access the public and private keys of an SSL certificate, refer to Manage User Account Permissions for SSL Certificate.

  • The Thumbprint field under the Details tab of the Certificate dialog box contains the certificate hash of an existing certificate. This might be required during the silent installation process or for any certificate-related modifications.

Using a self-signed SSL certificate

  • Using a self-signed certificate in a production environment is not recommended. Use it only for testing, POCs or KT.

  • The selected SSL certificate must have both public and private keys associated with it.

  • The user account used for the Application Pool must have the necessary permission to access the private keys of the selected SSL certificate.

Manual Customization

How to manually change the SSL certificate after SCM installation?

To change the certificate (the one used during installation or any certificate that SCM currently uses), follow these steps:

  1. Open Internet Information Services (IIS) Manager and under Connections, click the name of the server and then double-click Server Certificates.
  2. In the Server Certificates area, select the appropriate certificate and double-click to open it. The Certificate dialog box is displayed.
  3. Click the Details tab and copy the thumbprint of the certificate.
  4. Go to the SCM install directory and open the web.config file in administrator mode in any text editor.
  5. Search for the key “CertificateHash” and replace the existing value with the copied text (the thumbprint value).
  6. Remove the old “value” for the key “PICEncPassword”. Example: <add key="PICEncPassword" value="" />
  7. Remove the old “value” for the key “SCMEncPassword”. Example: <add key="SCMEncPassword" value="" />
  8. Go to the connection string section for BIC and replace the “*****” with the appropriate password for the connection string in plain text.
  9. Go to the connection string section for SCM and replace the “*****” with the appropriate password for the connection string in plain text.
  10. Save the web.config file and restart IIS.
  11. Log in to the SCM application.
  12. After a successful login, the passwords kept in plain text are removed and are stored in encrypted format in the “PICEncPassword” and “SCMEncPassword” sections, respectively, in the web.config file.

The IIS app pool (SCM Pool) user must have read permission for the private key of the newly used certificate. Refer to the Manage User Account Permissions for SSL Certificate section for more information.

Note: If you modify the CertificateHash manually, you also need to update the old passwords stored in “Manage Database Connections” of the SCM application.
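Steps 1 to 7 can be scripted so that a mistyped or unusable thumbprint is caught before web.config is changed. The following PowerShell is an added example, not part of SCM or its documentation; it assumes the certificate is in the Local Computer Personal store, that the keys are <add key="…" value="…" /> elements as shown in steps 6 and 7, and that SCM accepts the thumbprint as 40 hexadecimal digits without separators. The parameter names, the helper function and the backup folder are hypothetical.

```powershell
# Added example: validate the new certificate, then update the SCM web.config.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,   # text copied in step 3
    [Parameter(Mandatory)] [string] $ConfigPath,   # <SCM install directory>\web.config
    [Parameter(Mandatory)] [string] $BackupDir     # a folder outside the web root
)
$ErrorActionPreference = 'Stop'

# Text copied from the Certificate dialog can carry spaces or invisible
# characters; keep only the hexadecimal digits of the SHA-1 thumbprint.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) { throw "Expected 40 hex digits, got $($hash.Length)." }

# Assumption: the certificate is in the Local Computer "Personal" store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
if (-not $cert) { throw "No certificate $hash in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'The certificate has no private key.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "The certificate is only valid $($cert.NotBefore) to $($cert.NotAfter)."
}

# Back up the current file outside the web root so IIS cannot serve the copy.
$ConfigPath = (Resolve-Path -LiteralPath $ConfigPath).Path
$backup = Join-Path $BackupDir ('web.config.{0:yyyyMMddHHmmss}' -f $now)
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true   # keep the file's existing layout
$xml.Load($ConfigPath)

# Hypothetical helper: set the value attribute of <add key="$Key" ... />.
function Set-ConfigValue([string] $Key, [string] $Value) {
    $node = $xml.SelectSingleNode("//add[@key='$Key']")
    if (-not $node) { throw "Key '$Key' not found in $ConfigPath." }
    $node.SetAttribute('value', $Value)
}

Set-ConfigValue 'CertificateHash' $hash   # step 5
Set-ConfigValue 'PICEncPassword' ''       # step 6
Set-ConfigValue 'SCMEncPassword' ''       # step 7
$xml.Save($ConfigPath)
```

Steps 8 to 12 (entering the connection string passwords, restarting IIS and logging in) still have to be done by hand. The backup holds the previous encrypted password values, so restrict access to the backup folder.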

How to configure http?

  • If you manually modify the Certificate Hash in the web.config file, you must restart IIS to apply the modified configurations.

  • You must restart IIS after performing any manual configurations.

  • Any manual modifications to the IIS must be done before or after using the SCM Installer. You must ensure that IIS is not in use during the installation process. Also, ensure that IIS is not being modified externally at the same time.

  • If an SSL certificate is configured before using the SCM installer, the existing configuration is maintained.

After using the SCM installer, if a user tries to connect using the HTTP protocol, the login is unsuccessful and the trace.log file displays an error. If an administrator wants to use the HTTP protocol instead of HTTPS, the following modifications need to be made to the Web.config file.

  1. In the httpCookies node under the system.web section, change the requireSSL attribute to false.

  2. In the forms node under the authentication section, change the requireSSL attribute to false.

Note: HTTP is not secure and is not recommended. By default, the application is configured to use only HTTPS.
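To confirm that a server has not been left in HTTP mode, the two requireSSL attributes named above can be read back from the configuration file. The following PowerShell is an added example, not part of SCM; the function name Test-ScmRequireSsl is hypothetical and the sample XML is constructed for illustration.

```powershell
# Added example: report the requireSSL setting of the two nodes named above.
function Test-ScmRequireSsl {
    param([Parameter(Mandatory)] [xml] $Config)

    $checks = [ordered]@{
        'system.web/httpCookies'          = '//system.web/httpCookies'
        'system.web/authentication/forms' = '//system.web/authentication/forms'
    }
    foreach ($name in $checks.Keys) {
        $node  = $Config.SelectSingleNode($checks[$name])
        # A missing node or attribute is reported as empty and counts as
        # not enforcing HTTPS, because ASP.NET defaults requireSSL to false.
        $value = if ($node) { $node.GetAttribute('requireSSL') } else { '' }
        [pscustomobject]@{
            Node       = $name
            RequireSSL = $value
            HttpsOnly  = ($value -eq 'true')
        }
    }
}

# Constructed sample: cookies still require SSL, forms authentication does not.
[xml] $sample = @'
<configuration>
  <system.web>
    <httpCookies requireSSL="true" />
    <authentication mode="Forms">
      <forms requireSSL="false" />
    </authentication>
  </system.web>
</configuration>
'@

Test-ScmRequireSsl -Config $sample | Format-Table -AutoSize

# For a real file, replace the placeholder path:
# Test-ScmRequireSsl -Config ([xml](Get-Content -Raw -LiteralPath '<SCM install directory>\web.config'))
```

Any row with HttpsOnly set to False means the application no longer restricts that cookie to HTTPS connections.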

How to fix issues with old passwords?

  • After you manually modify the CertificateHash in the web.config file, the old passwords stored in the SCM database are not decrypted using the current certificate. Any project in SCM that uses a connection string with an old or existing encrypted password (saved before the certificate hash change) will therefore throw errors. To fix this issue, update your existing passwords and save them. You only need to perform this action once if you have an already saved connection string in SCM.

For more information, refer to the “Can not decrypt password. Please change the existing password for Connection Number” topic in the Troubleshooting section.