locked
HTTPS and certificates for IBCM Prerequisites? RRS feed

  • Question

  • When doing you initial installation of a new CM installation and know that you have future plans to deploy IBCM with client certificate authentication, should you or do you have to specify that you are using HTTPS in the initial configuration wizard and are you supposed set up SSL certificates and certificate binding in IIS in advance of starting the installation processes?

    Monday, July 6, 2015 6:41 AM

Answers

  • No you can do that when you really start implementing IBCM. Also, not the complete site has to run HTTPS to support IBCM, only the Internet-facing site system is required to run HTTPS.

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    • Proposed as answer by Jörgen NilssonMVP Monday, July 6, 2015 9:26 AM
    • Marked as answer by MyGposts Tuesday, July 7, 2015 2:35 AM
    Monday, July 6, 2015 6:50 AM

All replies

  • No you can do that when you really start implementing IBCM. Also, not the complete site has to run HTTPS to support IBCM, only the Internet-facing site system is required to run HTTPS.

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    • Proposed as answer by Jörgen NilssonMVP Monday, July 6, 2015 9:26 AM
    • Marked as answer by MyGposts Tuesday, July 7, 2015 2:35 AM
    Monday, July 6, 2015 6:50 AM
  • The plan is for it to be a single server single site deployment with the same internal server accessible on the LAN as well as externally through a reverse proxy. 

    All of CM (including SQL) on a single box

    Total site is about 500 computers.

    Monday, July 6, 2015 6:58 AM
  • Even in that case you can install the site first in HTTP and switch later to HTTPS.

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    Monday, July 6, 2015 7:09 AM
  • Even in that case you can install the site first in HTTP and switch later to HTTPS.

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    You're making it sound too simple, if you switch the MP to manage just internet based clients only the existing Intranet clients will no longer communicate and will need to be re-installed with the IBCM switches and have a certificate issued. Communication will also change from port 80 to 443.

    If you simply just change the MP to be able to communicate over both HTTP & HTTPS your existing clients will continue to work but you won't be in a true IBCM setup.

    If it was possible, I'd look at installing an additional site server in your DMZ (or even internal network) and have that additional MP/DP/SUP setup to manage Internet only clients.

    Just my 2 cents.

    Wednesday, July 8, 2015 11:36 AM
  • We need it to work with just one server.

    Also, there will not be many "internet only" clients.  The laptops may be off site 90% of the time, but they will be brought into the office occasionally for things such presentations.

    We need them to adjust automatically to work with CM whether they are on the Internet or on the LAN.

    We need CM to either work with both HTTP and HTTPs with HTTPS-only from the Internet through a reverse proxy or we need all clients internal and external to use HTTPS all the time.

    If we go with all HTTPS for everyone, what do we need to make this work?  

    When I tried setting up CM with HTTPS, I saw warning messages in the installation wizard that made it look as if you need to have the sites already preconfigured with certificates and HTTPS bindings in IIS before you start installing CM.

    Wednesday, July 8, 2015 1:13 PM