At installation time some customers elect to customize aspects of their Passwordstate installation. By default, Passwordstate will use the Host Name of the Webserver that it is being installed on. Alternatively, you can specify a custom URL (Uniform Resource Locator) to make it easier for users to remember the system (in case they haven’t book marked it in their favourites) or simply if you want to brand your installation.
Creating an appropriate DNS Record
In order to be able to use a custom URL you will need to create a CNAME DNS entry. You should never try to use host files for name resolution as they do not work with Windows Authentication in Microsoft IIS (Internet Information Services).
In the following example I will be creating a custom URL for my “Sandpit” Passwordstate Instance. This instance is used for testing out new releases, producing the blog entries and basically familiarising myself with the functionality, new and existing, in Passwordstate. First, connect to your Windows Server hosting your DNS settings and start DNS Manager;
under Forward Lookup Zones select your Domain and create a CNAME (Canonical Name Record or Alias) as per the image below. Note your Alias name and Fully Qualified domain name (FQDN) will be different to prbpasswordstate, and the taget host is your Passwordstate web server;
Modify your IIS Bindings
Next, you’ll need to modify the bindings in IIS to match the URL that was set in DNS Manager. To do this login to the Webserver that your Passwordstate instance is hosted on and start Internet Information Services (IIS) Manager;
Under your Webserver, navigate to Sites and select Passwordstate from the Left-Hand pane. In the Right-Hand pane click on Bindings… as per the image below;
When you click on edit to supply the details it’s worthwhile ensuring you use port 443 as you’ll no longer need to append the port number to the end of your URL (your Web Browser automatically adds 443 silently to your URL making it easier to remember).
Generate a new Certificate
Next, you’ll need to create a new Certificate and there are a number of options for this;
- The Self-Signed Certificate that Passwordstate installs
- An internal Certificate Authority
- A purchased Wildcard Certificate from a Certificate Authority (best option)
If you elect not to use a purchased SSL Certificate from a Certificate Authority you can still generate a more secure certificate to use on your Passwordstate website. This will be generated by using an Internal Certificate Authority. Please see this forum post on how to first setup an Internal Certificate Authority. Once done you can then follow these instructions on how to generate a new Certificate from your Internal Certificate Authority.
Creating a new Self-Signed Certificate is straight forward. On your Webserver, Run PowerShell ISE as an Administrator and ensure your PowerShell version is at least V 4.0. To confirm what version you are running type $host into the console and you should see a response similar to below;
Next copy the following code into your Powershell ISE console, changing the URL in the second line to be your new URL (in my example it’s prbpasswordstate.halox.net) and run the script. it will create a new Self-Signed certificate for you;
# Begin script
$URL = “prbpasswordstate.halox.net”
$PowershellVersion = $host.version.Major
# Create the SSL Certificate, using different commands depending on which version of Powershell is installed. Preferably Powershell 5, as this allows us to set a longer expiry date on the certificate
if ($PowershellVersion -eq ‘4’)
{
$cert = New-SelfSignedCertificate -DnsName $URL -CertStoreLocation Cert:\LocalMachine\My
}
if ($PowershellVersion -eq ‘5’)
{
$StartDate = ’01/01/’ + (Get-Date).Year
$EndDate = ’01/01/’ + (Get-Date).AddYears(5).Year
$cert = New-SelfSignedCertificate -DnsName $URL -CertStoreLocation Cert:\LocalMachine\My -FriendlyName $URL -NotBefore $StartDate -NotAfter $EndDate
}
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
$rootStore.Open(“MaxAllowed”)
$rootStore.Add($cert)
$rootStore.Close()
Now navigate back to IIS, go to the bindings… for the site, double-click on the https binding, and select the new SSL certificate you’ve just created from the drop-down list and click OK;
Modify Passwordstate Base URL
Lastly, you’ll need to specify the new base URL to reflect the new custom URL that you’ve set. To do this open your Passwordstate instance and navigate to Administration->System Settings->Miscellaneous Tab and update your Base URL as per the image below;
Note that this URL is used forlinks in the emails, permalinks etc.
That’s it for this week and as always, your feedback is welcome via support@clickstudios.com.au.