HTTPS/SSL Support

HTTPS is fully supported by all of the hosted web sites and must be manually configured for your site.

These instructions are only a guide and may change based on version or site conditions. Because the system uses the standard Apache Web Server, the configuration can be performed using many online resource guides.

Background

HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

Certificates are typically signed by a Certificate Authority on the internet. However because the web sites hosted by the voice mail are on an intranet it is not possible to purchase or receive a certificate from an any authority and a self-signed certificate must be created onsite.

Even after installing a certificate ALL browsers will complain the web site your going to is insecure. This is by design because the certificate it found is self-signed and cannot be verified by a certificate authority. Telling the browser to accept the certificate will cause it never to prompt again.

Creation

Using this method a certificate will be generate for a period of 1095 days. Once it's expired a new one must be created.

  1. Open the Start menu and type “cmd”
  2. Right click “Command Prompt” and select “Run as Administrator”
  3. Copy <html>cd c:\inetstack\apache\bin</html> and paste it in with a right click or ctrl+v. Hit enter.
  4. Copy <html>SET OPENSSL_CONF=c:\inetstack\apache\conf\openssl.cnf</html> and paste it in with a right click or ctrl+v. Hit enter.
  5. Copy <html>openssl req -x509 -nodes -days 2555 -newkey rsa:2048 -keyout c:/inet/vskey.pem -out c:/inet/vscert.csr</html> and paste it in with a right click or ctrl+v. Hit enter.
  6. This will begin the process of creating an SSL certificate. The program will ask you for information required to complete the certificate. If you enter wrong information by accident, use ctrl+c to kill the process. Enter the previous command to start again.
  7. If some information doesn't apply, simply enter a <html>.</html> (period) and the field will be left blank. This information can be seen in browsers after the certificate is installed.
  8. Enter your two letter country code of where the system is being used. Here is a list: https://www.digicert.com/ssl-certificate-country-codes.htm
  9. Enter the full name of the state or province.
  10. Enter the full name of the city or town (locality).
  11. Enter the full name of the organization.
  12. Enter the full name of the organization unit name.
  13. Enter the Common Name of the server. Normally this is a domain, but on an internal network it can just be the name of a server, or a name of someone.
  14. Enter an email address.

Configure

In order to implement HTTPS the configuration file must be modified using a text editor of your choice or even notepad.exe. These instructions allow for both standard HTTP and HTTPS requests.

If a site doesn't want to allow any HTTP requests, follow the optional instructions.

Apache uses the character # as a comment. Removing this character will force Apache to read the line. All the settings are already prepared in all the configuration files and most changes are simply to remove this character.

DuVoice configuration file

  1. Open c:\inet\vs.conf
  2. Search for define USE_SSL
  3. Remove the # sign in front of the word define.
  4. (Optional) In order to force HTTPS always, search for #<VirtualHost *80> and remove the # in front of this block. The vs.conf file has a comment about this within it.
  5. Save and exit file.

Apache configuration file

  1. Open c:\inetstack\apache\conf\httd.conf
  2. Search for Listen 80.
  3. Directly below it should be the line #Listen 443. Change this line to Listen 443.
  4. (Optional) If you wish to force HTTPS, change the Listen 80 line to #Listen 80.
  5. Save and exit file.

Apply Changes

Restart Apache.

  • Right click the Apache icon in the System Tray (the icons in the bottom right of the task bar) and select “Open Apache Monitor.”
  • Apache Monitor can also be found by typing “Apache” in the Start Menu.

Select the restart option.

If the server doesn't start you can test the configuration via the Start Menu item under Apache labeled Test Configuration. This will tell you which line of which file is bad.

Installing Existing Certificates

If you already have certificates to install, follow this guide. If you just created one, skip this section.

  1. Move your key file (.pem) to c:/inet/ and rename it to vskey.pem.
  2. Move your certification file (.csr) to c:/inet/ and rename it to vscert.csr.
  3. Open the Start menu and type “cmd”
  4. Right click “Command Prompt” and select “Run as Administrator”
  5. Copy <html>SET OPENSSL_CONF=c:\inetstack\apache\conf\openssl.cnf</html> and paste it in with a right click or ctrl+v. Hit enter.
  6. Open the c:\inetstack\apache\conf\openssl.cnf file
  7. Edit the lines after <IfDefine USE_SSL> if you have a different cipher or protocol.
  8. Follow the Configure and Apply Changes sections above.

Example

Do not overwrite the existing file with what is shown here. While we always distribute a file which can be modified to support HTTPS some versions may have differences.

Default

Default file without changes. 

#
# SSL:
#
# SSL certificates cannot be purchased for intranet sites, therefore you must create one locally.
#
# For more detailed information on this process see: https://httpd.apache.org/docs/2.4/ssl/ssl_faq.html
#
# Instructions:
# These instructions and settings expect files to be of a certain name. You can use any names you like
# however you will need to edit this file to match those new names.
#
# 1. Add 'Listen 443' under 'Listen 80' in c:\inetstack\apache\conf\httpd.conf
# 2. Open a command prompt.
# 3. CD c:\inetstack\apache\bin\
# 4. SET OPENSSL_CONF=c:\inetstack\conf\openssl.cnf
# 5. Execute the following.
#    openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout c:/inet/vskey.pem -out c:/inet/vscert.csr
# 5. Uncomment 'define USE_SSL below.
# 6. Restart Apache.
#
# define USE_SSL


#
# Only attempt to do ssl if module has been loaded
#
<IfModule ssl_module>

    <IfDefine USE_SSL>
        SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
        SSLHonorCipherOrder on
        SSLProtocol all -SSLv3
        SSLPassPhraseDialog  builtin
        SSLSessionCacheTimeout  300

        #
        # Uncommenting the following lines will force all connections to be https.
        #
        #<VirtualHost *:80>
        #  RewriteEngine on
        #  RewriteCond %{SERVER_PORT} !^443$
        #  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
        #</VirtualHost>

        <VirtualHost *:443>
          RewriteEngine On
          RewriteCond %{HTTPS} off
          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

          SSLEngine on
          SSLCertificateFile "c:/inet/vscert.csr"
          SSLCertificateKeyFile "c:/inet/vskey.pem"
        </VirtualHost>
    </IfDefine>
</IfModule>

#
# Default web sites for DV2000.
#
DocumentRoot "c:/inet/vs/public"
<Directory "c:/inet/vs/public">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

#
# Single sign-on interface.
#
Alias /sso "c:/inet/sso/public"
<Directory "c:/inet/sso/public">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>


#
# Uncomment the following line to force default homepage to InnDesk rather than normal homepage.
#
#"RedirectMatch ^/$ /inndesk/"

HTTPS

File configured for HTTPS and forces it. 

#
# SSL:
#
# SSL certificates cannot be purchased for intranet sites, therefore you must create one locally.
#
# For more detailed information on this process see: https://httpd.apache.org/docs/2.4/ssl/ssl_faq.html
#
# Instructions:
# These instructions and settings expect files to be of a certain name. You can use any names you like
# however you will need to edit this file to match those new names.
#
# 1. Add 'Listen 443' under 'Listen 80' in c:\inetstack\apache\conf\httpd.conf
# 2. Open a command prompt.
# 3. CD c:\inetstack\apache\bin\
# 4. SET OPENSSL_CONF=c:\inetstack\conf\openssl.cnf
# 5. Execute the following.
#    openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout c:/inet/vskey.pem -out c:/inet/vscert.csr
# 5. Uncomment 'define USE_SSL below.
# 6. Restart Apache.
#
define USE_SSL


#
# Only attempt to do ssl if module has been loaded
#
<IfModule ssl_module>

    <IfDefine USE_SSL>
        SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
        SSLHonorCipherOrder on
        SSLProtocol all -SSLv3
        SSLPassPhraseDialog  builtin
        SSLSessionCacheTimeout  300

        #
        # Uncommenting the following lines will force all connections to be https.
        #
        <VirtualHost *:80>
          RewriteEngine on
          RewriteCond %{SERVER_PORT} !^443$
          RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
        </VirtualHost>

        <VirtualHost *:443>
          RewriteEngine On
          RewriteCond %{HTTPS} off
          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

          SSLEngine on
          SSLCertificateFile "c:/inet/vscert.csr"
          SSLCertificateKeyFile "c:/inet/vskey.pem"
        </VirtualHost>
    </IfDefine>
</IfModule>

#
# Default web sites for DV2000.
#
DocumentRoot "c:/inet/vs/public"
<Directory "c:/inet/vs/public">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

#
# Single sign-on interface.
#
Alias /sso "c:/inet/sso/public"
<Directory "c:/inet/sso/public">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>


#
# Uncomment the following line to force default homepage to InnDesk rather than normal homepage.
#
#"RedirectMatch ^/$ /inndesk/"
  • Last modified: 2023/08/02 17:27
  • by 127.0.0.1