Applies to: v4

How to configure SSL (HTTPS)

Overview

HTTPS is required to log in to SquaredUp for Azure.

When deployed by the Marketplace, SquaredUp can be configured with either a self-signed certificate with a 12-month expiry or a Let's Encrypt® certificate. It is best practice to replace a self-signed certificate with a trusted certificate prior to moving into production.

When using the downloadable installer to install SquaredUp for Azure you will need to choose how you want to configure the SSL certificate. SquaredUp for Azure will only work using HTTPS.


At any point you can change your certificate options in IIS.

You have three options:

  • Existing Certificate
  • Create Self-Signed Certificate
  • Configure Later

If you are trialling SquaredUp, and unsure which option to choose, you may choose to use a self-signed certificate for the duration of the trial.

If you are accessing SquaredUp via a public IP address it is best practice to purchase a trusted SSL certificate.

If you are accessing SquaredUp internally you can use an AD domain issued certificate.

Existing certificate

What this option does:

This option will create an IIS binding on port 443 using the hostname and certificate you specify.

When to use this option:

Use this option to choose an existing SSL certificate from the computer's personal store.

Only choose this option if port 443 is not already being used for another app. If port 443 is already in use, or you wish to specify an IP address or different port number, then you should choose Configure later.

You should choose this option if you have already acquired and imported a trusted certificate. For example, if you are deploying SquaredUp on a web server that has already previously had a trusted certificate configured. This could be for a different application or for a previous SquaredUp installation.

Create Self-Signed Certificate

What this does:

The installer will create a new self-signed certificate, set to expire after 12 months. This option will create a 443 binding using the hostname you specify.

If an appropriate self-signed certificate already exists, then this will be used (this may have less than 12 months remaining).

When to use this:

If you choose this option to use a self-signed SSL certificate then SquaredUp users will see a browser warning and will need to explicitly agree to proceed. In Chrome this is done by clicking Advanced.

If you are trialling SquaredUp, or unsure which option to choose, you may choose to use a self-signed certificate.

If you are using this on an internal domain joined machine you may choose to use a self-signed certificate and accept the security warning.

If you are accessing SquaredUp across the public internet it is best practice to use a trusted SSL certificate and not a self-signed certificate.

Only choose this option if port 443 is not already being used for another app. If port 443 is already in use, or you wish to specify an IP address or different port number, then you should choose Configure later.

If after 12 months you wish to continue using a self-signed certificate, you will need to generate a new 12-month self-signed certificate; see How to generate a self-signed certificate.

Configure later

What this does:

This will not configure any SSL bindings. You will need to configure an appropriate binding manually within IIS.

While you can choose to configure the SSL certificate later, please note that SquaredUp will not work until HTTPS has been configured with an SSL certificate.

When to use this:

You already have websites using port 443, or wish to use a different port number or IP address combination.

How to configure your own certificate

You will need to connect to your SquaredUp server.

  1. Log in using the credentials you specified when creating the VM.
  2. Launch IIS and under Connections select the server (squaredup).
  3. Double-click Server Certificates.
  4. From the right-hand menu select Import and follow the steps to import your certificate.
  5. Under Connections expand Sites and select SquaredUpv4.
  6. From the right-hand side menu select Bindings.
  7. Select Add.
  8. Set the Type to https.
  9. Enter the new hostname/domain in the Host name field.
  10. Select the SSL certificate you added above under SSL certificate.
  11. Select OK.
  12. Select Close.
  13. From the right-hand menu select Restart.
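
The same steps can be scripted. The following PowerShell is an added example, not taken from SquaredUp's documentation or installer; it uses the standard PKI and WebAdministration cmdlets, and it checks the certificate before binding it. The hostname and PFX path are placeholders, and port 443 is assumed.

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
# Run in an elevated PowerShell session on the SquaredUp server.
Import-Module WebAdministration

$siteName = 'SquaredUpv4'                 # site name from the steps above
$hostName = 'squaredup.example.com'       # placeholder: your hostname/domain
$pfxPath  = 'C:\certs\squaredup.pfx'      # placeholder: certificate exported with its private key
$pfxPass  = Read-Host -AsSecureString 'PFX password'

# Step 4: import the certificate into the computer's personal store.
$cert = Import-PfxCertificate -FilePath $pfxPath `
            -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPass

# Checks before binding: private key present, validity window, hostname covered.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; IIS cannot serve it.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid today ($($cert.NotBefore) to $($cert.NotAfter))."
}
$match = $cert.DnsNameList.Unicode | Where-Object {
    # Exact match, or a wildcard covering exactly one leading label.
    $_ -eq $hostName -or
    ($_.StartsWith('*.') -and $hostName.Split('.', 2)[1] -eq $_.Substring(2))
}
if (-not $match) { throw "Certificate does not list $hostName as a DNS name." }

# Steps 5-11: add the https binding (if missing) and attach the certificate.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
}
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $hostName
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Step 13: restart the site so the new binding is served.
Stop-Website  -Name $siteName
Start-Website -Name $siteName

# Confirm what is now bound.
Get-ChildItem IIS:\SslBindings | Format-Table IPAddress, Port, Host, Store, Thumbprint
```

If another site already holds the 443 binding on this server, use a different port or IP address, as described under Configure later.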

FAQs

What are the downsides to using a self-signed cert?

If you choose the option to use a self-signed SSL certificate then SquaredUp users will typically see a browser security warning and will need to explicitly agree to proceed. For example, in Chrome this is done by clicking Advanced, in Edge by clicking Details.

It is best practice to only use self-signed certificates in internal (LAN) environments.

What if I don't want to use a self-signed cert?

You need to acquire a trusted certificate either by purchasing one from a trusted certificate authority (CA), or one issued by your AD domain / internal certificate authority (CA).

Help, my certificate is about to expire!

If after 12 months you wish to continue using a self-signed certificate, you will need to generate a new 12-month self-signed certificate; see How to generate a self-signed certificate.

What is a Let's Encrypt certificate?

When installing via the Marketplace you can either use a self-signed certificate, which may cause a browser warning that the website is insecure so that users need to explicitly agree to proceed, or you can use a Let's Encrypt certificate.

The Let's Encrypt certificate is trusted by browsers and valid for 90 days. It will renew automatically every 55 days, as long as the site is accessible through port 80, as that is how the http challenge is conducted. Using a Let's Encrypt certificate stops a browser warning appearing to users.

To install the Let's Encrypt certificate a self-signed certificate is temporarily installed, so a browser warning may appear in the first 2 minutes before the Let's Encrypt certificate is applied.
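
To catch an expiring or unrenewed certificate before users see a warning, the bound certificates can be audited on the server. This PowerShell is an added example, not part of SquaredUp; the 35-day figure is derived from the 90-day lifetime and 55-day renewal interval stated above, and the 30-day warning for other certificates is an assumed threshold.

```powershell
# Added example: report the certificate behind each IIS SSL binding.
Import-Module WebAdministration

$warnDays    = 30   # assumed warning threshold for self-signed/other certificates
$leFloorDays = 35   # 90-day lifetime minus 55-day renewal: a healthy Let's Encrypt
                    # certificate should never have fewer days than this remaining

Get-ChildItem IIS:\SslBindings | ForEach-Object {
    $cert = Get-Item "Cert:\LocalMachine\$($_.Store)\$($_.Thumbprint)" -ErrorAction SilentlyContinue
    if (-not $cert) { return }   # binding points at a certificate no longer in the store

    $daysLeft     = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    $selfSigned   = $cert.Subject -eq $cert.Issuer
    $letsEncrypt  = $cert.Issuer -match "Let's Encrypt"

    $status = if ($daysLeft -lt 0) {
        'EXPIRED'
    } elseif ($letsEncrypt -and $daysLeft -lt $leFloorDays) {
        'Renewal overdue: check that port 80 is reachable for the http challenge'
    } elseif ($selfSigned -and $daysLeft -lt $warnDays) {
        'Self-signed, expiring: generate a new certificate or move to a trusted one'
    } elseif ($daysLeft -lt $warnDays) {
        'Expiring soon'
    } elseif ($selfSigned) {
        'OK (self-signed: browsers will warn)'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Binding  = "$($_.IPAddress):$($_.Port) $($_.Host)"
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        DaysLeft = $daysLeft
        Status   = $status
    }
} | Format-Table -AutoSize -Wrap
```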

How to change the hostname/domain of SquaredUp

How to generate a self-signed certificate

How to change which Azure Tenant your instance of SquaredUp is connected to

How to deploy SquaredUp for Azure

How to install SquaredUp for Azure using the installer

Let's Encrypt is a trademark of the Internet Security Research Group. All rights reserved.

Squared Up Ltd. (c) 2020