Enable HTTPS for Secure Communication

Enable HTTPS

If you want to use HTTPS for secure communication (SSL/TLS) and you already have a certificate for the website (see "SSL Certificate"), do the following:

  1. In the Connections pane of the IIS Manager, open the Sites node under the server name. Click the Default Web Site.
  2. In the Actions area on the right side of the window, click the Bindings link and then click the Add button in the Site Bindings window that appears.
  3. Add a site binding of type https and specify your digital certificate. Close the Site Bindings window.
  4. Return to the Connections pane and click the XFRACAS site.
  5. Under IIS, double-click the SSL Settings icon. Select Require SSL and Ignore, then click Apply.

Enable TLS 1.2 Protocol for HTTPS (Windows 2012)

If you are using HTTPS for secure communication and you wish to enable TLS 1.2, the same protocol must be enabled for the database server, the web server and .NET on the web server. (Also note that if you are using a digital certificate, it must be SHA-256 or higher.)

If your web server and database server are both Windows 2016 or 2019, the TLS 1.2 protocol will be enabled by default. If either server is Windows 2012, add the following registry keys:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]

"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"DisabledByDefault"=dword:00000000