When Access Management is installed on Windows, either as a Windows service or as a standalone process, you can enable and configure HTTPS by editing the application settings file, appsettings.json.
Before you begin
This task assumes that you have a signed certificate, either issued from an certificate authority (CA) or self-signed. The certificate may be stored in either of the following locations on the server where you the installed Access Management service:
- a root certificate store
- a folder to which Access Management has
Read permission, such as the bin\Certificates folder of the installed service
Procedure
- Go to the bin\ subfolder of the root folder where the Access Management service is installed.
- Open appsettings.json for editing.
- Find the section
URLs section.
- Replace the
URLs section in its entirety with a new Kestrel section according to one of the following samples, depending on how your certificate is installed:
If the certificate has been installed to a root certificate store of the local computer, use the following example:
"Kestrel": {
"EndPoints": {
"HttpsInlineCertFile": {
"Url": "https://*:443",
"Certificate": {
"Subject": "SUBJECT",
"Store": "Root",
"Location": "LocalMachine"
}
}
}
}
Where:
SUBJECT refers to the Subject property of the certificate. It is often the DNS name of the server where the certificate is installed.
If the certificate is located in any other folder:
"Kestrel": {
"EndPoints": {
"HttpsInlineCertFile": {
"Url": "https://*:443",
"Certificate": {
"Path": "PATH",
"Password": "PASSWORD"
}
}
}
}
Where:
PATH is the location of the certificate on the server. For example, Certificates/domain.accessmanagement.com.pfx.
PASSWORD is the password that is protecting certificate file.
Note: While enabling HTTPS, you can also change the port on which the service runs. By default, the Access Management service runs on port 80.
- Save and close appsettings.json.
- Restart the Access Management service.
Results
Access Management is now configured for a secure HTTPS connection. Note that if the configuration defines both HTTP and HTTPS endpoints, then the HTTP endpoint will be ignored and redirected to the HTTPS version.