HTTPS configuration and process between SI and MS IIS

I will go through the settings that have to be made on the SI (HTTP client) and IIS (HTTP server) sides in order to obtain an HTTPS connection with both server and client authentication.
IIS Manager:
URL that will be used in our process is:

Server Authentication
  • Apply a server certificate on the IIS server (for server authentication)
Right click on Default Web Site >> Properties >> Directory Security >> Server Certificate … and add the certificate you want to use.
  • The public key of the server certificate must be obtained from the partner and added as a CA certificate in SI
Dashboard >> Trading Partners >> Digital Certificates >> CA >> New Certificate …
Certificate checked in to the system is:
This certificate must be added to the HTTP Client Begin Session Service as CACertificateId
Client Authentication
  • Certificate on SI:
We need a certificate (private and public key) on the client side and its public key on the server side. After obtaining the certificate, either self-signed (created by any wizard) or issued by a CA, we have to deploy it in the SI system.
Dashboard >> Trading Partners >> Digital Certificates >> System >> Check-in
This certificate must be added to the HTTP Client Begin Session Service as SystemCertificateId
  • Turn on client authentication on IIS side:
Right click on the name of the application that you will access (e.g. mirjanaTest in our example) >> Properties >> Directory Security >> Secure communications >> Edit … >> Require secure channel (SSL) >> Require client certificates
  • Managing trusted root certificates for a local computer
To include a root certificate on the server side, for client authentication, open the Microsoft Management Console, MMC (type mmc in Run or at a command prompt).
File menu >> Add/Remove Snap-in >> Add >> Certificates >> Computer account >> Local computer and open Certificates for the Local Computer
Go to Trusted Root Certification Authorities >> Certificates (right click) >> All Tasks >> Import … and import a new certificate (e.g. ABC)
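Once both sides are configured, the result can be checked from any client machine. The script below is an added example, not part of the original post or of SI: it requests the test page once without and once with a client certificate. The PEM file names passed on the command line are hypothetical, the host and path are the ones used in this post's process, and it assumes IIS answers a request without a certificate with HTTP 403 or by dropping the connection.

```python
import http.client
import ssl
import sys

def build_context(ca_file=None, client_cert=None, client_key=None):
    """TLS client context. ca_file plays the role of CACertificateId,
    client_cert/client_key the role of SystemCertificateId."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies certificate and hostname
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # trust only the partner's certificate
    else:
        ctx.load_default_certs()
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def probe(host, port, path, ctx):
    """Return the HTTP status, or 'rejected' if the server drops the TLS session."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    except ssl.SSLCertVerificationError:
        raise  # server certificate not trusted: fix server authentication first
    except (ssl.SSLError, ConnectionError):
        return "rejected"
    finally:
        conn.close()

def verdict(anonymous, authenticated):
    """(client auth enforced?, client certificate accepted?) from two probes."""
    enforced = anonymous in ("rejected", 403)
    accepted = authenticated == 200
    return enforced, accepted

if __name__ == "__main__":
    # Usage: script.py <partner CA pem> <client cert pem> <client key pem>
    # (hypothetical file names; host and path are the ones used in this post)
    host, port, path = "putest", 443, "/mirjanaTest/test.html"
    ca, cert, key = sys.argv[1:4]
    anonymous = probe(host, port, path, build_context(ca))
    authenticated = probe(host, port, path, build_context(ca, cert, key))
    enforced, accepted = verdict(anonymous, authenticated)
    print("client certificate required by IIS:", enforced)
    print("client certificate accepted by IIS:", accepted)
```

If the first line prints False, the page is still reachable without a client certificate and the "Require client certificates" setting is not in effect for that application.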
BPML, server and client authentication included:
<process name="default">
  <sequence name="Sequence Start">
    <operation name="HTTP Client Begin Session Service">
      <participant name="HTTPClientBeginSession"/>
      <output message="HTTPClientBeginSessionServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="RemoteHost">putest</assign>
        <!-- client authentication: system certificate checked in to SI -->
        <assign to="SystemCertificateId">MIRJANA:node1:12e4c62e17e:70732</assign>
        <assign to="HTTPClientAdapter">HTTPClientAdapter</assign>
        <!-- server authentication: partner certificate added as CA certificate -->
        <assign to="CACertificateId">MIRJANA:node1:12e37c1aba0:172438</assign>
        <assign to="SSL">Must</assign>
        <assign to="RemotePort">443</assign>
        <!-- all permits weak as well as strong cipher suites -->
        <assign to="CipherStrength">all</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
      </input>
    </operation>
    <operation name="HTTP Client GET Service">
      <participant name="HTTPClientGet"/>
      <output message="HTTPClientGetServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="SessionToken" from="SessionToken/text()"></assign>
        <assign to="URI">/mirjanaTest/test.html</assign>
      </output>
      <input message="inmsg">
        <assign to="." from="*"></assign>
      </input>
    </operation>
    <operation name="HTTP Client End Session Service">
      <participant name="HTTPClientEndSession"/>
      <output message="HTTPClientEndSessionServiceTypeInputMessage">
        <assign to="." from="*"></assign>
        <assign to="SessionToken"