Setting up HTTPS connections to the Core Service

To be able to connect securely through HTTPS, SOAP-compatible clients, including the SDL Content Porter client, require a change to the server-side configuration of certain bindings. Custom client applications built by your organization also require the same changes in the client-side configuration.

Procedure

  1. If you have not yet set up an HTTPS site binding in IIS, do the following:
    1. Start IIS Manager in your machine.
    2. In the IIS tree in the left part of the content area, open the node representing this computer, then navigate to Sites > SDL Tridion 2013 SP1.
      A set of icons and an action panel appear on the right hand side of the content area.
    3. In the action panel, in the Actions area, click Bindings or Edit Bindings (depending on your IIS Manager version).
      The Site Bindings dialog opens.
    4. Select the existing binding for http and click Edit. In the IP address field, fill in Unassigned. Then click OK to close the dialog.
      The Site Bindings dialog reopens, showing the modified binding.
    5. Click Add and in the Add Site Binding dialog that opens, set Type to https and select a valid SSL certificate under SSL certificate. For IP address, select All Unassigned. Change the port as needed; IIS Manager preselects the default value of 443. Then click OK to add this binding.
      The Site Bindings dialog reappears, now showing a new binding.
    6. Close IIS Manager.
  2. Ensure that the server contains a certificate that allows the HTTPS connection to be made, and that this certificate is trusted by all clients that connect to the Core Service using WS-HTTP or Basic HTTP bindings, including the SDL Content Porter client.
  3. On the Content Manager server, open the file %TRIDION_HOME%\webservices\web.config for editing.
  4. Follow the path <configuration>, then <system.serviceModel>, then <bindings>.
  5. Find the binding elements with their name attribute set to a value that ends in _basicHttpBinding, that is:
    • CoreService_basicHttpBinding
    • StreamDownload_basicHttpBinding
    • StreamUpload_basicHttpBinding
    • ImportExport_StreamDownload_basicHttpBinding
    • ImportExport_StreamUpload_basicHttpBinding
  6. Inside each of these elements, in the security subelement, set the mode attribute to the value Transport.
  7. Find the binding elements with the following name attribute values:
    • CoreService_wsHttpBinding
    • CoreService_wsFederationHttpBinding
  8. Inside each of these elements, in the security subelement, change the mode attribute from Message to TransportWithMessageCredential.
  9. Save and close web.config.
  10. Apply these same changes to the configuration files of any custom client applications that should connect to these endpoints.

Results

All clients that connect to the Core Service using Basic HTTP or WS-HTTP bindings, which include the SDL Content Porter client, can now connect securely to the Core Service through HTTPS.