...
```powershell
# Build an expiry date ten years from today
$todaydt = Get-Date
$10years = $todaydt.AddYears(10)
# Create the wildcard self-signed certificate in the local machine certificate store
New-SelfSignedCertificate -DnsName *.YourServerNameHere.YourDomainNameHere.Local -NotAfter $10years -CertStoreLocation cert:\LocalMachine\...
```
Open Microsoft Management Console (MMC) and add the Certificates snap-in for the local computer account. Copy the self-signed certificate created with PowerShell from the Personal > Certificates folder and paste it into the Trusted Root Certification Authorities > Certificates folder. This step ensures that the local machine trusts the certificate.
For the entire domain to recognize the certificate, we suggest using Active Directory Group Policy to deploy it. The steps below configure certificate deployment within Active Directory Group Policy:
Log in to your Active Directory server using a domain administrator account
Open the Group Policy Management Console
Create a new GPO or use an existing one of your choice
Right-click the desired Group Policy Object and select “Edit”
Go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies
Right-click Trusted Root Certification Authorities, and select “Import”
In the Certificate Import Wizard, click Next. On the File to Import page, click Browse, navigate to where your certificate is saved, and double-click it
With the certificate listed in the “File name” field, click Next
Accept the default option, Place all certificates in the following store (Trusted Root Certification Authorities), click Next, and then click Finish and OK
Link the GPO to the OU of the systems you want the certificate installed onto
Note that you should only need one certificate per Web Server.
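The local Trusted Root copy and the file needed for the Group Policy import can also be produced from PowerShell. This is an added example, not part of the original NorthScope instructions; it assumes the certificate sits in the local computer's Personal store (`Cert:\LocalMachine\My`), and the export path is a hypothetical placeholder. Run it from an elevated prompt on the web server.

```powershell
# Added example. Names and paths are assumptions; adjust before running.
$dnsName    = '*.YourServerNameHere.YourDomainNameHere.Local'  # placeholder used on this page
$exportPath = 'C:\Temp\NorthScopeSelfSigned.cer'               # hypothetical output file

# Personal > Certificates for the local computer is Cert:\LocalMachine\My.
$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $dnsName })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate for $dnsName in the Personal store, found $($found.Count)."
}
$cert = $found[0]

# Export the public certificate only (.cer). The private key stays on the web
# server, so this is the file to select in the Group Policy import wizard.
New-Item -ItemType Directory -Path (Split-Path $exportPath) -Force | Out-Null
Export-Certificate -Cert $cert -FilePath $exportPath -Type CERT | Out-Null

# Scripted equivalent of the MMC copy/paste into Trusted Root Certification Authorities.
Import-Certificate -FilePath $exportPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Verify the result: the Root copy exists, carries no private key,
# and the Personal copy now validates for SSL use.
$rootCopy = @(Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

[pscustomobject]@{
    Thumbprint            = $cert.Thumbprint
    NotAfter              = $cert.NotAfter
    PersonalHasPrivateKey = $cert.HasPrivateKey
    RootCopyPresent       = ($rootCopy.Count -gt 0)
    RootCopyHasPrivateKey = [bool]($rootCopy | Where-Object { $_.HasPrivateKey })
    ValidForSsl           = [bool](Test-Certificate -Cert $cert -Policy SSL -ErrorAction SilentlyContinue)
} | Format-List
```

The thumbprint in the output can be compared against the certificate shown on a domain member after Group Policy refreshes.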
...
Each instance of NorthScope Live and Test should have its own Website and Application Pool, named with the same conventions as the database and file structure.
Open IIS Manager on the web server
Create the Application Pool
Navigate to Application Pools and right-click to “Add Application Pool”
Configure the name to match the file structure and database; using our example this would be: NS_Live_NLP
Verify the “.NET CLR Version v4.0.30319” is selected
Select “Integrated” pipeline mode
Check the “Start application pool immediately” option
Edit the Advanced Settings of the Application Pool
Select the “Identity” setting, set a Custom account, and use the user set up in Step 4: “YourDomain\NS_Live_NLP”
Improve performance by adjusting the Regular Time Interval
This Advanced Setting determines how long before a connection that is not active is closed. Under the Application Pool Tasks, expand “Recycling”. Change the Regular Time Interval to 120 minutes.
Create the Website
Navigate to Sites and right-click to “Add Website”
Enter a Site Name that matches the instance name; in our example this would be: NS_Live_NLP
Select the previously created Application Pool
Point the Physical Path to the path you are using from Step 5. In our example this would be: “C:\NorthScope\NS_Live_NLP\Web”
Click the “Connect as” button to specify the account used to access the website path. Set the User Name to match the user set up in Step 4: “YourDomain\NS_Live_NLP”
Set Binding Type = “https”
Enter the Host Name as the NorthScope instance name followed by the full computer name or the fully qualified domain name, depending on your setup.
If using a local domain with our instance name example this would be: NS_Live_NLP.YourServerHere.YourDomain.local
If using a proper domain this would be: NS_Live_NLP.YourDomain.com
Select your previously purchased and installed certificate or your self-signed certificate
Edit the Advanced Website Settings to improve performance
Select IIS > Default Document and move “Default.aspx” to the top of the list
Note that you will need one website for each NorthScope instance.
...