MFA Guides

Establishing an HTTP/HTTPS Redirect

To establish an HTTP/HTTPS redirect in RapidIdentity MFA, complete the sections below in the order listed.

Create and Upload SSL/TLS HTTPS Certificate

Follow these steps to create and upload your SSL/TLS HTTPS certificate into IIS.

  1. Request and download your SSL certificate from a Microsoft Trusted Root certificate provider.

  2. Download your certificate in the .PFX keystore format from your certificate authority.

    Note

    If the .PFX keystore format is not a download option from your certificate provider, download your CA-provided public certificate, private key, and intermediary certificates, then use OpenSSL to create a .PFX keystore from them.

    1. At its most basic, an SSL certificate download includes the public key, the intermediary certificate bundle, and the private key.

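    2. Run OpenSSL in the CLI with the appropriate arguments to generate your .PFX keystore. The -passout value shown (idauto) sets the export password that is entered again when the certificate is imported into IIS; replace it with your own. If -passout is omitted, OpenSSL prompts for the password instead.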

      .\openssl.exe pkcs12 -export -out cert.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt -passout pass:idauto

      Alternatively, the SSLShopper online SSL Conversion tool can be used to create the .PFX. This requires uploading the private key to a third-party site, so the local OpenSSL method is preferable for production keys.
  3. Upload your SSL certificate into IIS.

    1. Select Import... from the Actions menu on the right.

    2. The Import Certificate window will launch. Fill out the following fields:

      1. Locate the Certificate file (.pfx).

      2. Enter the Password.

      3. Click OK.

  4. Set bindings and Host name for the site.

    1. Click on Bindings... from the Edit Site submenu on the right.

    2. In the generated window, click on Add... to add the site bindings.


      Note

      Although the binding is added to the default website, it is set on all sites concurrently. HTTPS will appear twice in the Site Bindings because the site can be visited through the URL or through an IP address; the redirect will occur for both.

    3. In the Add Site Binding window, enter the Host name, use the drop-down to select the appropriate SSL certificate, and click View....

    4. Click OK on the generated Certificate window.

    5. Click OK on the Add Site Binding window.

  5. Test and verify by visiting your RapidIdentity Server and clicking on the lock icon.

Setting up HTTP/HTTPS redirect in IIS

Once IIS is installed and an SSL/TLS HTTPS certificate has been created and uploaded, an HTTP/HTTPS redirect must be established in IIS to force a secure connection, so that traffic between the client and the server is encrypted.

  1. Verify that the FQDN is set with HTTPS in your /Website/Web.config file.

  2. Download and install the Rewrite Module: Microsoft URL Rewrite Module 2.0 for IIS (x64).

    Note

    This rewrite module will need to be installed on the server hosting RapidIdentity MFA web services that you would like to redirect.

  3. Open the IIS Manager console and select Default Web Site from the left-side Connections menu. Selecting the default web site will allow the redirect to be added to all web sites concurrently.

  4. Double-click on the URL Rewrite icon.

  5. Create a new Blank rule.

    1. Under the Actions section located on the right of the screen, click on Add Rule(s)....

    2. Under the Inbound rules section, highlight Blank rule.

    3. Click Done.

    Note

    The rule name can be customized during this step.

  6. Set the pattern by clicking the drop-down arrow of the Match URL section.

    1. In the Requested URL drop-down menu, select Matches the Pattern.

    2. In the Using drop-down menu, select Regular Expressions.

    3. In the Pattern field, enter (.*).

    4. Put a check in the Ignore case box.

  7. Set the Condition by selecting Match all under the Logical Grouping menu of the Conditions section and click Add. In the generated window, set the following options:

    1. Input = {HTTPS}

    2. Type = Matches the Pattern

    3. Pattern = ^OFF$

  8. In the Action section, set the following options:

    1. Action type = Redirect

    2. Redirect URL = https://{HTTP_HOST}/{R:1}

    3. Leave Append query string box as checked.

    4. Redirect type = See Other (303)
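
The rule built in steps 5 through 8, written out as the URL Rewrite section of a web.config file. This is an added example, not taken from the RapidIdentity documentation; the rule name is a placeholder, and every other value mirrors the settings listed above.

```xml
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Step 5: blank inbound rule. The name is a placeholder and can be customized. -->
        <rule name="HTTP to HTTPS redirect">
          <!-- Step 6: Requested URL matches the pattern (.*), regular expressions, ignore case. -->
          <match url="(.*)" ignoreCase="true" />
          <!-- Step 7: Match all; the rule fires only when the request did not arrive over HTTPS. -->
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- Step 8: redirect to the same host and path over HTTPS, keeping the query string. -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  appendQueryString="true"
                  redirectType="SeeOther" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Comparing the rule stored on the server against this fragment is a quick way to confirm that the settings entered in IIS Manager were saved as intended.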