Problem Statement
A provider wants to install an SSL certificate on BA for the Windows Control Panel server.
Resolution
In BA for Windows, the SSL certificate is configured by standard IIS configuration.
Follow these steps to install the SSL certificate:
- Copy the file containing the SSL certificate to the PBA-E application server.
- Open the RDP (Remote Desktop) connection to this server.
- Run Start > Administrative Tools > Internet Information Services (IIS) Manager.
- Right-click on
Default Web Site
, or the website the certificate was created for, then selectProperties
. - On the selected website properties dialog, select the
Directory Security
tab. - Click
Server Certificate
. - The IIS Certificate Wizard should start.
- Select
Process the pending request and install the certificate
option, and clickNext
. Follow the wizard steps until finished.
Chain SSL Certificate
If the SSL certificate is issued by Certification Authority, not included in the list of web browser trusted authorities, customers are shown an alarming warning upon time opening the Online Store or BA Control Panel for the first time. The warning states that the SSL certificate is unknown (for their browsers), and asks whether to trust your certificate or not.
However, the SSL certificate is absolutely reliable, and is issued by one of the authorized SSL providers. This SSL provider is just not included in the list of the browser's default trusted authorities. In this case, the undesirable warning can be suppressed by means of chain certificate.
A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer certificate to a trusted Certificate Authority (CA) certificate. The CA vouches for the identity of the peer certificate by signing it.
To configure the chain SSL certificate, import the intermediate certificate using the Microsoft Management Console (MMC).
To ensure the certificate chain works, open the IIS Manager, select needed website properties, go to the Directory Security
tab and click View Certificate
.
Additional information
For more information, refer to Windows and IIS documentation.